I would have to point out that it is not actually a fail2ban related log, it is a log produced by Asterisk’s “security” logging that is called fail2ban.log and watched by fail2ban , but because the result of the challenge was “successful” then please don’t blame fail2ban. Apparently 5.6.7.8 knows enough about 1.2.3.4’s accounts to bypass the firewall, it is probably not from asterisk, (perhaps 5038 if open) but likely by another successful penetration of the FreePBX code that allows "AccountID=“0112917162381” to be accepted which is a number in Eritrea, AccountID=“01150427888372” which is a number in Honduras, I suspect a bigger problem here . . .
Perhaps
has already found that vulnerabilty. . . .