@alexcal wrote:
i'm running a raspberry pi 2 with Asterisk Version: 11.22.0 FreePBX 13.0.123.
after being hacked twice previously, mainly due to poor setup and security measures. I thought I had resolved the issues but though it hasn't happened again I am a bit worried about recent emails I'm receiving about asterisk attacks, I was previously getting multiple ssh attacks. I now use a hashed ssh password, increased ban times, decrease find times and max retry and have changed ssh port.
despite this I am now getting warnings repeatedly from the same ip address about asterisk attacks likes this:
Hi,
The IP 209.126.97.240 has just been banned by Fail2Ban after
20 attempts against Asterisk.
Regards,
Fail2Banwhat worries me is the 20 attempts part, which I was pretty sure was covered by my settings in fail2ban but obviously not. the emails were being sent every 80 mins (sometime less) let's say average 4800 seconds, the ban times I use in my jail.conf are set to several days.
I don't want to ban ip's permanently but want to increase the ban time for asterisk and sip attacks in line with what i believe i have set for ssh but can't seem to find where I can make changes.can someone out there help me with this please.
Posts: 5
Participants: 3