<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt">these iptables rules work for me:<br>http://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/<br>They reduce the CPU usage quite dramatically, still keeping the system operational.<br><br><br><div><span><br></span></div><div><br></div> <div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Sayyed Mohammad Emami Razavi <emamirazavi@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> freeswitch-users@lists.freeswitch.org; freeswitch-dev@lists.freeswitch.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Sunday, September 29, 2013 1:14 PM<br> <b><span style="font-weight:
bold;">Subject:</span></b> [Freeswitch-users] Automatically don't respond to abnormal registrations<br> </font> </div> <div class="y_msg_container"><br><div id="yiv8873911661"><div dir="ltr"><div><div><div><div><div>Can anyone describe a way in FS to get rid of crawlers and hackers testing your PBX second by second on the internet?!<br></div>What is the problem? This is ls of my FS's sqlite db after some annoying behaviours of hackers and crawlers violently done:<br>
[root@freeswitch db]# ll<br>total 705580<br>-rw-r--r-- 1 root root 7168 Sep 29 13:20 callcenter.db<br>-rw-r--r-- 1 root root 14336 Sep 23 10:29 call_limit.db<br>-rw-r--r-- 1 root root 257024 Sep 29 13:56 core.db<br>
-rw-r--r-- 1 root root 5120 Sep 29 13:20 fifo.db<br>-rw-r--r-- 1 root root 98304 Sep 24 11:34 sofia_reg_sipinterface_2.db<br>-rw-r--r-- 1 root root 367616 Sep 25 18:31 sofia_reg_sipinterface_3.db<br>-rw-r--r-- 1 root root 500726784 Sep 29 13:56 sofia_reg_sipinterface_5.db<br>
-rw-r--r-- 1 root root 221003312 Sep 29 13:56 sofia_reg_sipinterface_5.db-journal<br>-rw-r--r-- 1 root root 16384 Sep 23 10:29 voicemail_default.db<br>[root@freeswitch db]# <br><br>sofia_reg_sipinterface_5.db belongs to the interface listening on 5060 port.<br>
<br></div>As you see sofia_reg_sipinterface_5.db exceed 500MB of size! and this db has crashed!<br></div>and leads to drop port 5060 of interfaces.<br><br></div><div>when i ask fs_cli about profiles it tells me:<br>+OK log level [7]<br>
freeswitch@internal> sofia status<br> Name Type Data State<br>=================================================================================================<br>
sipinterface_3 profile <a rel="nofollow" target="_blank" href="http://sip:mod_sofia@192.168.2.73:5080/">sip:mod_sofia@192.168.2.73:5080</a> RUNNING (0)<br> voicemail_1 alias sipinterface_2 ALIASED<br>
voicemail_2 alias sipinterface_2 ALIASED<br> sipinterface_2 profile <a rel="nofollow" target="_blank" href="http://sip:mod_sofia@192.168.2.73:5070/">sip:mod_sofia@192.168.2.73:5070</a> RUNNING (0)<br>
=================================================================================================<br>2 profiles 2 aliases<br><br></div><div><br></div>Which open source firewalls can handle automatically weird sip requests to ban?!<br>
<br></div>Sincerely yours, <br><div><div><div><div><div><div><br></div></div></div></div></div></div></div>
</div><br>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a ymailto="mailto:consulting@freeswitch.org" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br><a href="http://wiki.freeswitch.org/" target="_blank">http://wiki.freeswitch.org</a><br><a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a ymailto="mailto:FreeSWITCH-users@lists.freeswitch.org"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br><br><br></div> </div> </div> </div></body></html>