Hi, I’m a long-time Windows, first-time Linux/PBX admin.
I set up a PBX on a virtual server using FreePBX and I was able to make and receive calls from the PBX. I also set it up so Lenny answers any incoming calls (lol).
I went away for 3 days and when I came back to check on it I’ve had 56476 calls according to the CDR reports. Here is a sample of the logs:
- Sat, 20 Feb 2021 12:26 1613823969.302 5312 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823949.301 5311 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823942.300 testing4 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823925.299 5310 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823909.298 5309 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823895.297 testing4 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823893.296 5308 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823872.295 5307 Congestion s [from-sip-external] ANSWERED 00:12
I checked my trunk provider and thankfully not a single call made it through on their end. Their CDR only shows the few test calls I made.
It’s obvious someone is trying to brute force my extensions but I don’t even have password extensions set up, I’m using PJSIP with IP Auth, not passwords.
The firewall and Fail2Ban are running but they don’t seem to be doing anything at all.
I’m not very confident with my Linux/PBX firewall knowledge so I just went with the default settings.
My log folder is over 17G and there is just too much for me to dig through.
I plan on just nuking the server and rebuilding from scratch but I’d like to know what I can do in the future to prevent this from happening. I know this is not the FreePBX forum (waiting for them to OK my account) but I’m looking for general PBX/Security advice. Not asking for “what button do I push”, I just would like to know what steps I can take to prevent these people from being able to flood my PBX like this.
Thanks for reading.
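
Added example, not part of the original post: a short Python triage of the CDR rows quoted above, showing what can be pulled out of a large log without reading it line by line (call rate, repeated caller IDs, runs of sequential numeric caller IDs). The column meanings (caller ID, app, destination, context) and the `min_run` threshold are assumptions made for this example, not FreePBX definitions.

```python
import re
from collections import Counter

# Sample input: the CDR rows quoted in the post, copied as shown there.
SAMPLE = """\
- Sat, 20 Feb 2021 12:26 1613823969.302 5312 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823949.301 5311 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823942.300 testing4 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823925.299 5310 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:25 1613823909.298 5309 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823895.297 testing4 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823893.296 5308 Congestion s [from-sip-external] ANSWERED 00:12
- Sat, 20 Feb 2021 12:24 1613823872.295 5307 Congestion s [from-sip-external] ANSWERED 00:12
"""

# Assumed column order (not confirmed by the post):
# date, time, uniqueid, caller ID, app, destination, [context], disposition, duration
ROW = re.compile(
    r"^(?:-\s*)?\w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2} "
    r"(?P<epoch>\d+)\.\d+ (?P<cid>\S+) (?P<app>\S+) (?P<dst>\S+) "
    r"\[(?P<ctx>[^\]]+)\] (?P<disp>\w+) (?P<dur>\d{2}:\d{2})$"
)

def parse(text):
    """Return one dict per line that matches the assumed row layout."""
    return [m.groupdict() for line in text.splitlines() if (m := ROW.match(line.strip()))]

def summarize(rows, context="from-sip-external", min_run=5):
    """Summarize calls that landed in `context`; min_run is an assumed threshold."""
    hits = [r for r in rows if r["ctx"] == context]
    epochs = sorted(int(r["epoch"]) for r in hits)
    nums = sorted({int(r["cid"]) for r in hits if r["cid"].isdigit()})
    # Longest run of consecutive numeric caller IDs (5307, 5308, 5309, ...).
    longest = run = 1 if nums else 0
    for a, b in zip(nums, nums[1:]):
        run = run + 1 if b == a + 1 else 1
        longest = max(longest, run)
    return {
        "calls": len(hits),
        "span_seconds": epochs[-1] - epochs[0] if len(epochs) > 1 else 0,
        "caller_ids": Counter(r["cid"] for r in hits),
        "longest_sequential_run": longest,
        "looks_like_scan": longest >= min_run,
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```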