Despite a firewall, fail2ban and very complex passwords for SIP accounts, I still have some damn pirates who succeed in brute-forcing the SIP passwords of accounts.
As most extensions are used with SangomaConnect and so are not using SIP, is there a way to disable SIP login for extensions used only with SangomaConnect?
F2B should ban the brute-force attempts.
Check if there is something wrong in the Trusted Zone which allows IPs to connect directly to your server.
Where does the brute force come from?
Sangoma Connect sets the firewall allowing a bunch of IP addresses from Sangoma.
Check if your interface Eth0 (or other) is set to the Internet Zone and not to the Local Zone.
Are you sure this was a brute force attack? A brute force attack would leave a large log trail of failed calls.
As a technical point, SIP doesn’t have log ins. Incoming registration only officially applies to outgoing calls, and incoming calls have to be authenticated individually.
However, some systems do limit incoming calls to the address registered for outgoing calls, or like chan_sip, will match that address, as an alternative to the From user (but I think it will still require each request to be authenticated, individually). chan_pjsip does not have these behaviours.
Is chan_sip compatible with Sangoma Connect? I believed the extension should be PJSIP. Not sure, because I have not worked on it since. So, maybe I’m wrong.
After a little investigation, it looks like there was no brute force, as they connected straight to a SIP extension of the system. It looks like the SIP credentials have leaked (they are stored in a password manager that is beyond doubt) and have only been used in the past with the Zoiper application. Perhaps a data leak with Zoiper? I’m still trying to understand/find out how they could get their hands on the SIP credentials of the extension.
No idea, but not sure why you ask that? My system is only using PJSIP.
I thought SangomaConnect was doing a sort of relay between FreePBX and the mobile app and so was not using SIP. So basically I can’t disable or block the SIP port of FreePBX, as it would prevent SangomaConnect from working, right?
I think it just provides push services to wake up the app on the phone so that the SIP session can then be established. iPhones don’t allow a SIP UAS to be permanently running on the phone, and
I think the reference to chan_sip resulted from my aside about there being no real log ins in SIP.
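Added example, not part of any post in this thread: a small log triage that tells the "large log trail" of a brute-force attack apart from a registration that succeeded with no failed attempts, which is what leaked credentials look like. The log lines are constructed, and the two message shapes and the `triage` helper are assumptions to adapt to your own Asterisk logs.

```python
import re
from collections import Counter

# Constructed sample in the style of an Asterisk full log with chan_pjsip.
# Assumption: your Asterisk version logs these two message shapes; adjust the regexes if not.
SAMPLE_LOG = "\n".join(
    [f"[2024-05-01 10:00:{i:02d}] NOTICE[2211] res_pjsip/pjsip_distributor.c: "
     f"Request 'REGISTER' from '<sip:101@pbx.example.test>' failed for "
     f"'198.51.100.7:5060' (callid: c{i}) - Failed to authenticate" for i in range(6)]
    + ["[2024-05-01 10:05:00] VERBOSE[2211] res_pjsip_registrar.c: Added contact "
       "'sip:102@203.0.113.9:5060;transport=udp' to AOR '102' with expiration 120 seconds"]
)

# Rejected request: capture the source address (IPv4 only in this sketch).
FAIL_RE = re.compile(r"Request '\w+' from '[^']*' failed for '(?P<ip>[^':]+):\d+'")
# Accepted registration: capture the contact host and the extension (AOR).
# Assumption: the contact URI carries the client's real source address (rewrite_contact enabled).
ADD_RE = re.compile(r"Added contact 'sip:[^@']*@(?P<ip>[^:;']+)[^']*' to AOR '(?P<aor>[^']+)'")

def triage(log_text, threshold=5):
    """Separate password guessing from registrations that never failed."""
    failures = Counter()
    registrations = set()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            continue
        m = ADD_RE.search(line)
        if m:
            registrations.add((m["aor"], m["ip"]))
    return {
        # Sources with many rejected requests: what fail2ban is expected to ban.
        "brute_force_sources": sorted(ip for ip, n in failures.items() if n >= threshold),
        # Registered after heavy guessing from the same address: password likely guessed.
        "guessed": sorted(r for r in registrations if failures[r[1]] >= threshold),
        # Registered with no rejected request at all: the client already knew the
        # password (a legitimate phone, or credentials obtained elsewhere).
        "no_prior_failures": sorted(r for r in registrations if failures[r[1]] == 0),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Entries under `no_prior_failures` still need comparing against the addresses your own phones normally register from; any that do not match point to credentials obtained outside the PBX.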