Hello I’m seeing the asterisk -rvvv commands i learned from searching online and one thing I’m seeing is this
[2016-05-14 22:38:38] NOTICE: chan_sip.c:28309 handle_request_register: Registration from ‘50000 sip:[email protected]’ failed for ‘184.108.40.206:55410’ - Wrong password. Is someone trying to hack me?
Somebody is try to auth against your box.
Is you box directly on web…or in cloud.
On the web. And I did not setup a Ext 50000.
They don’t know that. They try any extension. Make sure you have it locked down. There is a few pages on web the show you how to lock them down.
make sure you use strong passwords for you extensions.
Okay thank you. Looks like the Intrusion Detection sees it and blocks there IP address but somehow there still trying.
Am i safe or should i be worried?
Just make sure you box is locked down. Make sure to use the firewall and as you already said fail2ban is running
I thought the failtoban is the firewall? is there another one?
What version are you running?
go to module admin and look for system firewall
I do not see that module there? Where can i get it at?
Are you running freepbx 13
I’m using FreePBX 220.127.116.11 asterisk 11. I heard 13 was having some problems with freepbx 13 Asterisk 13.
I run FreePBX 13 and Asterisk 13 and don’t have any issues.
Okay it looks like i will have to do a update on it. But mean while it looks like whoever trying to get on a ext stopped. Also have to figure out my other 2 problems I’m having I’ll be all set.
Yes, 13 is quite stable, I have been running it for quite a few months without issue. I don’t personally use the firewall option myself as I have a PFSense firewall in front of my FreePBX server with certain ports open for certain IPs. But that is a whole different topic. lol
Thank you all for the help it seems like someone was hacking me. I tired to install the newest version of freepbx onto a test system to see the difference and the Web GUI is wow way different. So into i learn the newest Web GUI We didn’t upgrade to the latest one. What we did it we had a hardware firewall we installed. Also notice the Intrusion Detection was off. But no damage was done as far as i can see. fingers crossed. So turned back on the Intrusion Detection and hardware firewall seems to be okay. If any problem i guess i will be back here to figure it out. Thank you all for the help.
You can also run CSF in conjunction with Fail2Ban. It’s an über firewall… which does mean if you are not careful, you can lock your self out. I have a hosted FreePBX that I’m using as an offsite fail over. I was constantly getting alerts until I turned it on. Have it locked down to the IPs that are allowed to access and ports… not much else.
Or… you can get an SBC (Session Border Controller). Went to Sangoma’s training learning how to set up their’s… only did it once but will do a great job locking people out. It takes a bit to get right if you are not familiar with it… like me, but works well.
Thank you Pucky for that. I’m looking at it.
If you can swing it… I’d really suggest the training. I’m like most… learning about FreePBX via blood, sweat and bald spots from hair pulling. Learned a great deal and the week really was not long enough. Well worth it.