So not even sure that description is accurate. I added google voice as an inbound and outbound route a few days ago. Starting today around 4 PM, I’ve been getting a ‘call’ from 100/100 (Name / CID) every 25 minutes:
(Pacific time)
418
443
508
534
559
625
652
And so on.
/var/log/asterisk/full.log shows nothing when these come in.
Only thing I can think of is google voice. But everything in GV is set to DND - and Google talk is set to never ring.
I guess I’ll try disabling it and see, but for the night I’m unplugging the phone, and obviously nothing that I see is logged. Any clues on what to look for? Anyone encountered this?
I have a incoming route from flowroute and a google voice trunk / route. Not sure what other information is needed to provide…
This seems like some is poking your server with SIP calls trying different combination of extensions/passwords. I’m assuming your port 5060 is open. You should set “Allow SIP guests” and “Allow anonymous inbound SIP calls” to NO in advanced SIP settings. If your asterisk is 1.8 you won’t see IP address from which those calls are coming in /var/log/asterisk/full.log. However, with asterisk 11 those should be visible in /var/log/asterisk/security.log and you can act further on them (say ban those IPs with fail2ban if you wish). Closing 5060 port is also an option of course if you can do that.
Thanks for the reply. I’m running asterisk 11.6.0 and allow sip guests and allow anon inbound sip calls are both no. I have no /var/log/asterisk/security.log ?
You won’t since security log is a new feature that started with asterisk 10 I believe. Unless you want to upgrade (and you should since 1.6 is EOL) you won’t get it.
Oh sorry I misread. You are on 11.6. There is a module in freepbx that allows you to change what is logged. Make sure you are logging security events into a separate log.
Ensure your system is up to date and then check Settings -> Asterisk logfile settings. You can enable the security log level for your existing full log, or create a new custom log. You can also manage fail2ban (block ip’s)in freepbx under admin -> system admin -> intrusion detection
Thanks for the reply… I don’t see any Security log setting? And under Admin, I don’t have a System Admin? Don’t see System Admin or Intusion detection anywhere.
That would help with other attempts though so would be nice to add that if possible!
So attempted to install it get error:
System Admin cannot be installed:
PHP Component Zend Guard Loader is required but missing from you PHP installation.
File /usr/sbin/incrond must exist.
Please try again after the dependencies have been installed.
Now, I login - then when I click on any thing, I get the ‘3 guys’ screen - Freepbx admin, user control, get support.
and module admin doesn’t work, I get
Not found
The section you requested does not exist or you do not have access to it.
So like login. Go to feature codes, get the freepbx admin / user control panel / get support screen. Click freepbx administration. Log in. Get requested screen (except module admin).
Oh man, thank you you are a lifesaver! LOL. Had me scared there!
so not sure if it’s my setup or something else, but I had to cd to the directory amportal was in /usr/local/sbin, and sudo ./amportal … amportal didn’t work from another directory, sudo amportal didn’t work from another directory. From IN /usr/local/sbin sudo amportal … didn’t work. just really odd. Just in case anyone else runs across that
Thanks!
And - not sure if this tells you anything, but today - NO calls from the odd caller ID. Until I ran the above commands - then literally 2 minutes later, a call from 2000000 / 200 0000 (name / Number) . I wasn’t home but based the no calls today on my caller ID on the phone…