Securing FreePBX from attacks
-
@eddiejennings said in Securing FreePBX from attacks:
I think I can now answer my own question. Since Fail2Ban isn't acting on its own, it won't have any jails listed.
Potentially, yes. I'd expect something to log somewhere, but that F2B doesn't do it itself is not surprising.
-
If this is truly the case of integration, it stinks that 2 hours of searching for info on how to find things in logs, settings came up so short - i.e. seeming little/no documentation. Now because Scott will accuse me of something I'm not intending - I'm not accusing them of not having any documentation, but I will say I find it extremely difficult to find if such documentation does exist.
-
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
-
@eddiejennings said in Securing FreePBX from attacks:
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
ug.. I have this exact problem!
-
To clarify, this is negatively affecting people from making calls with Linphone. I'll deal with UCP access and such later.
-
@eddiejennings said in Securing FreePBX from attacks:
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
UDP?
-
@scottalanmiller said in Securing FreePBX from attacks:
@eddiejennings said in Securing FreePBX from attacks:
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
UDP?
In @Dashrender's case he has Yealink desk phones as the only thing on site and the site is getting blacklisted by the responsive firewall. As soon as he white lists the IP, the phones register.
-
@jaredbusch said in Securing FreePBX from attacks:
@scottalanmiller said in Securing FreePBX from attacks:
@eddiejennings said in Securing FreePBX from attacks:
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
UDP?
In @Dashrender's case he has Yealink desk phones as the only thing on site and the site is getting blacklisted by the responsive firewall. As soon as he white lists the IP, the phones register.
Oh, the RP not the outside edge firewall. Odd, okay.
-
@scottalanmiller said in Securing FreePBX from attacks:
@jaredbusch said in Securing FreePBX from attacks:
@scottalanmiller said in Securing FreePBX from attacks:
@eddiejennings said in Securing FreePBX from attacks:
Current task is now figuring what "invalid data" is being sent by my external test users to cause the firewall to think they're attackers.
UDP?
In @Dashrender's case he has Yealink desk phones as the only thing on site and the site is getting blacklisted by the responsive firewall. As soon as he white lists the IP, the phones register.
Oh, the RP not the outside edge firewall. Odd, okay.
Yeah. Forgive my lack of clarity.
-
Other oddity. Both redacted IP addresses are the same.
-
@eddiejennings said in Securing FreePBX from attacks:
Other oddity. Both redacted IP addresses are the same.
Open another tab in chrome or whatever browser and type
What is my IP to confirm the expected IP. -
@dashrender said in Securing FreePBX from attacks:
@eddiejennings said in Securing FreePBX from attacks:
Other oddity. Both redacted IP addresses are the same.
Open another tab in chrome or whatever browser and type
What is my IP to confirm the expected IP.Heh. Yes, I've confirmed the IP of the client machine mentioned is the IP I'm using, which is the IP that's assigned to the Trusted zone.
-
@eddiejennings said in Securing FreePBX from attacks:
Other oddity. Both redacted IP addresses are the same.
I think I had this happen when I set up mine. Everything seemed to work fine, but the error message was still there. I can't remember if it was a simple reboot that fixed it, a firmware upgrade, or what.
-
As a test, I added one of my remote end user's IP addresses to the System Admin > Intrusion Detection Whitelist to see if that would prevent them from being blocked by the Responsive Firewall. Alas, I return from lunch and they're once again blocked. Since I'm still in a testing mode, I'm thinking of blowing away this PBX, rebuilding, and seeing if the problem replicates.
-
@eddiejennings said in Securing FreePBX from attacks:
As a test, I added one of my remote end user's IP addresses to the System Admin > Intrusion Detection Whitelist to see if that would prevent them from being blocked by the Responsive Firewall. Alas, I return from lunch and they're once again blocked. Since I'm still in a testing mode, I'm thinking of blowing away this PBX, rebuilding, and seeing if the problem replicates.
I'm curious to find out - since I'm having the same issue!
-
New PBX is now installed, configured, and updated. Let's see what happens.
-
Might be time to play with the built-in OpenVPN server. I have RF enabled on my remote FreePBX with 90% of endpoints being Yealink and have not had any issues.
-
I wonder what Eddie and I are doing differently than JB that's causing our issues?
-
Assuming you have reinstalled and the problem exists, open a support case with Sangoma. The cost is minimal compared to the time you are spending.
-
Yeah. I'm probably going to have to do that. It just doesn't make sense for these Linphone users to successfully register, then be rate-limited, then be blocked as attackers.
