Hi all after checking my fail2ban logs via the web UI i have noticed i am getting constant entries like the one below i am running this instance on a Remote VPS server. is this anything to be worried about as its constant and i see its coming from the localhost. 127.0.0.1
I have removed some commercial modules recently that i didn’t need i installed using the latest ISO on my remote VPS server could it be a local module causing this ?
Here is just one of the entries of my fail2ban log…
That’s actually a “security” log line from Asterisk matching ‘manager’ logins .
I don’t believe your Fail2Ban has a regex to catch any bad ones though, this one is benign, it’s just the admin ‘manager’ logging in every minute or so.
Thanks For the Fast Reply was just a little worried as it’s on a VPs and was afraid that Mabe someone on the sharded network was trying something thanks again for the heads-up…
Well, there is a very slight vulnerability , as by default the manager is ‘bound’ to 0.0.0.0 in /etc/asterisk/manager.conf thus open to the whole internet if port 5038 is allowed through your firewall with no f2b safety belt , it would be safer to use 127.0.0.1 in almost all cases. JM2CWAE