UCP intrusion

Hi
UCP intrusion attempts are not blocked on my server
maybe I didn’t configure the firewall correctly?!
System Firewall 15.0.8.4
FreePBX 15.0.17.12
Asterisk Version 16.15.1
User Control Panel 15.0.6.26

Screenshot_2021-01-23%20-%20FreePBX%20Administration(1)

Please provide a little more detail on your you access UCP?..
Also, please post a screenshot of the NIC settings in the firewall.

the user panel is open to any address
however, no blocking occurs when trying to brute force the user’s password

Your firewall doesn’t do anything if the default NIC is set to local.

Please read all child pages related to the firewall: https://wiki.freepbx.org/display/FPG/Firewall

Perhaps I really did not configure the firewall correctly, but I found that attempts to guess the password for the web interface are not recorded correctly in the logs

in case of entering incorrect data in the login and password input field, the following entry is written to the log

 SECURITY[13168]: res_security_log.c:114 security_event_stasis_cb: SecurityEvent="SuccessfulAuth",EventTV="2021-01-25T11:59:50.958+0300",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x1ba3b90",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/60158",UsingPassword="0",SessionTV="2021-01-25T11:59:50.958+0300"

and for example unsuccessful attempts to connect via sip are displayed like this

NOTICE[7274]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '"1666" <sip:[email protected]>' failed for '52.162.203.157:5499' (callid: 1339578320) - Failed to authenticate

and these addresses are blocked by the firewall regardless of the selected zone
I did check this from different IP addresses, the result is always the same

This should be resolved in Framework v15.0.17.17 available in edge now:

fwconsole ma upgrade framework --edge

It may be necessary to restart fail2ban.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.