Firewall getting disabled somehow

Hello.

Hope everyone is doing alright. This is the second day in a row, I wake up from the PBX system with SIP and SSH bans. Yesterday I logged in and saw the firewall disabled and thought it was I who left the firewall off. Once I turned it on, everything became quiet again. Today, I wake up to the same thing. Firewall disabled again and I’m getting attacked again. Not sure what is going on. I’m about to update YUM and also change my passwords (which are randomly generated).

I’d like to figure out why the firewall is being disabled and what I can do to mitigate further attacks.

I also see this error message:
There was an error updating certificate “pbx.xxxx.xxx”: REMOTE_ADDR didn’t parse -

Things I’ve done recently (in order):

  • Installed the GraphQL Module (Jul 5th)
  • Moved Sangoma phones to VPN (Aug 1st and Aug 2nd)
  • Updated all modules that had updates available (Aug 1st)

PBX Version: 15.0.16.72
PBX Distro: 12.7.6-2002-2.sng7
Asterisk Version: 16.9.0
System Firewall: 15.0.6.20

That issue?
https://issues.freepbx.org/plugins/servlet/mobile#issue/FREEPBX-21683

Update certificate manager to v15.0.25.4.

v15.0.25.4 IS STILL BROKEN!!!

It’s much better than in the prior version, but tagging the ticket as resolved was premature. It’s no longer 100% probability of disabling the firewall, but it can still happen.

I guess that is it. I didn’t think they were related (firewall and certificates).
I updated the certificate manually, but where do I download the module from to go to the new version, or should I just wait since I’ve renewed the certificate manually?

The updated module can be downloaded from the edge repo:

fwconsole ma --edge upgrade certman

But, if the cert has updated, the firewall is running, and you have no other certs renewing soon, waiting shouldn’t hurt. I’m hoping they will have a better fix than the current edge version.

Yeah. No other cert needs to be updated. So I’ll just wait. Thank you both! I honestly thought I did something wrong on the system to get Toll Fraud Calls going. Good thing I had restrictions enabled, all the Toll Fraud calls failed.
