Is some trying to hack my asterisk server?

hi,today morning i saw asterisk log file containing a suspicious logs like given below

013-05-09 11:36:45] NOTICE[26304] chan_sip.c: Sending fake auth rejection for device 5008sip:5008@x.x.x.x;tag=xxxxx

this log repleted like 100 this some kind of brute force sip attack,pls help

All SIP servers visible to the internet are continually under attack.

Either device 5008 is misconfigured (using 5008 as a device name is not best practice), or you are are seeing one of the many attacks.

Note the correct forum for support questions on Asterisk itself (e.g. not FreePBX) is Asterisk Support.

If you’re using FreePBX, try to make practice of using permit and deny options. Also you can use

iptables -A INPUT -s x.x.x.x -j DROP

where x.x.x.x is the IP trying to connect from outside.

You could try create a filter in fail2ban. Just have to test to make sure it doesn’t ban legitimate things.

I have found that trying to ban IP’s manually is useless. These scans are automated and often designed switch to a different IP if blocked. They could have hundreds if not thousands of IP’s.

Yes, fail2ban is recommend solution to secure asterisk server

Install Webmin & CSF Firewall. Better than relying on fail2ban and secures your server better. Easy to set up and manage. I suggest this to all my clients.