hardocp
(hardocp)
November 16, 2021, 5:04pm
1
Running FreePBX v16 on a hosted VULTR VM –
Everything is up to date and has been running fine for a while now.
I also have the responsive firewall turned on for PJSIP for softphone connections via users' cell phones.
Anyway, today for the first time ever I received a very odd email from Fail2Ban –
Hi,
The IP 23.148.145.90 has just been banned by Fail2Ban after
_3 attempts against PBX-GUI on ____.com.
Regards,
Fail2Ban
What was weird was that this was an attempt against the GUI directly – normally I get these for the PJSIP ports – but never for the GUI.
I tried connecting to the server GUI from a non-authorized / non-listed network and, as expected, the connection timed out.
I am confused as to how someone was able to connect to the GUI in the first place – never mind attempt to access it.
AdFun7911
(AdFun7911)
November 16, 2021, 8:26pm
2
Is that the actual IP address? What does the log in /tmp/firewall.log say?
lgaetz
(Lorne Gaetz)
November 16, 2021, 8:50pm
3
This could be either for the Admin GUI or a UCP login attempt. I assume you don’t recognize the offending IP in this case, but know that any source IP that successfully registers to Asterisk through the responsive firewall gets access to the UCP regardless of how the UCP service is zoned.
hardocp
(hardocp)
November 16, 2021, 9:00pm
4
Do not recognize the IP nor were they able to successfully register to Asterisk (not for lack of trying)
[2021-11-16 09:37:50] [freepbx_security.NOTICE]: Authentication failure for 813 from 23.148.145.90 [] []
[2021-11-16 09:41:46] [freepbx_security.NOTICE]: Authentication failure for 1001 from 23.148.145.90 [] []
[2021-11-16 09:52:31] [freepbx_security.NOTICE]: Authentication failure for 814 from 23.148.145.90 [] []
[2021-11-16 10:09:22] [freepbx_security.NOTICE]: Authentication failure for 814 from 23.148.145.90 [] []
[2021-11-16 10:23:26] [freepbx_security.NOTICE]: Authentication failure for 814 from 23.148.145.90 [] []
[2021-11-16 10:34:35] [freepbx_security.NOTICE]: Authentication failure for 1001 from 23.148.145.90 [] []
[2021-11-16 10:37:53] [freepbx_security.NOTICE]: Authentication failure for 814 from 23.148.145.90 [] []
[2021-11-16 10:52:47] [freepbx_security.NOTICE]: Authentication failure for 815 from 23.148.145.90 [] []
[2021-11-16 11:07:44] [freepbx_security.NOTICE]: Authentication failure for 815 from 23.148.145.90 [] []
[2021-11-16 11:22:23] [freepbx_security.NOTICE]: Authentication failure for 815 from 23.148.145.90 [] []
[2021-11-16 11:36:20] [freepbx_security.NOTICE]: Authentication failure for 815 from 23.148.145.90 [] []
[2021-11-16 11:49:28] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
[2021-11-16 11:49:30] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
[2021-11-16 11:50:21] [freepbx_security.NOTICE]: Authentication failure for 816 from 23.148.145.90 [] []
[2021-11-16 13:48:07] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
[2021-11-16 13:48:07] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
[2021-11-16 15:53:55] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
[2021-11-16 15:53:55] [freepbx_security.NOTICE]: Authentication failure for 1002 from 23.148.145.90 [] []
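Added example, not part of any post in this thread and not FreePBX code: a Python summary of `freepbx_security` authentication failures per source IP, using the line format shown in the log excerpt above, to show whether one address is cycling through several account names. The function name `summarize_failures`, the `min_users` threshold and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format as it appears in the thread's freepbx_security log excerpt.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"\[freepbx_security\.NOTICE\]: Authentication failure for "
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample input (not taken from the thread).
SAMPLE = """\
[2021-11-16 09:37:50] [freepbx_security.NOTICE]: Authentication failure for 813 from 203.0.113.7 [] []
[2021-11-16 09:41:46] [freepbx_security.NOTICE]: Authentication failure for 1001 from 203.0.113.7 [] []
[2021-11-16 09:52:31] [freepbx_security.NOTICE]: Authentication failure for 814 from 203.0.113.7 [] []
[2021-11-16 10:09:22] [freepbx_security.NOTICE]: Authentication failure for 814 from 203.0.113.7 [] []
[2021-11-16 10:15:00] [freepbx_security.NOTICE]: Authentication failure for 200 from 198.51.100.20 [] []
[2021-11-16 10:15:05] [freepbx_security.NOTICE]: Authentication failure for 200 from 198.51.100.20 [] []
[2021-11-16 10:16:00] [freepbx.INFO]: Reload complete [] []
"""

def summarize_failures(lines, min_users=3):
    """Group failures by source IP; flag IPs that tried >= min_users accounts."""
    by_ip = defaultdict(lambda: {"users": set(), "times": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unrelated or malformed lines
        rec = by_ip[m["ip"]]
        rec["users"].add(m["user"])
        rec["times"].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return {
        ip: {
            "count": len(rec["times"]),
            "users": sorted(rec["users"]),
            # Minutes between first and last failure from this address.
            "span_minutes": int(
                (max(rec["times"]) - min(rec["times"])).total_seconds() // 60
            ),
            # Many distinct names from one address suggests account guessing,
            # as opposed to one user mistyping their own password.
            "multi_account": len(rec["users"]) >= min_users,
        }
        for ip, rec in by_ip.items()
    }

if __name__ == "__main__":
    for ip, info in summarize_failures(SAMPLE.splitlines()).items():
        print(ip, info)
```

The `span_minutes` field makes slow, spaced-out attempts visible alongside the raw count, which helps when comparing the pattern against the ban window configured for the jail.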