<a href="http://wiki.freeswitch.org/wiki/Fail2ban">http://wiki.freeswitch.org/wiki/Fail2ban</a><div><br></div><div><br><br>On Sunday, September 29, 2013, Sayyed Mohammad Emami Razavi wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div><div><div><div>Can anyone describe a way in FS to get rid of crawlers and hackers testing your PBX second by second on the internet?!<br></div>What is the problem? This is ls of my FS's sqlite db after some annoying behaviours of hackers and crawlers violently done:<br>
[root@freeswitch db]# ll<br>total 705580<br>-rw-r--r-- 1 root root 7168 Sep 29 13:20 callcenter.db<br>-rw-r--r-- 1 root root 14336 Sep 23 10:29 call_limit.db<br>-rw-r--r-- 1 root root 257024 Sep 29 13:56 core.db<br>
-rw-r--r-- 1 root root 5120 Sep 29 13:20 fifo.db<br>-rw-r--r-- 1 root root 98304 Sep 24 11:34 sofia_reg_sipinterface_2.db<br>-rw-r--r-- 1 root root 367616 Sep 25 18:31 sofia_reg_sipinterface_3.db<br>-rw-r--r-- 1 root root 500726784 Sep 29 13:56 sofia_reg_sipinterface_5.db<br>
-rw-r--r-- 1 root root 221003312 Sep 29 13:56 sofia_reg_sipinterface_5.db-journal<br>-rw-r--r-- 1 root root 16384 Sep 23 10:29 voicemail_default.db<br>[root@freeswitch db]# <br><br>sofia_reg_sipinterface_5.db belongs to the interface listening on 5060 port.<br>
<br></div>As you see sofia_reg_sipinterface_5.db exceed 500MB of size! and this db has crashed!<br></div>and leads to drop port 5060 of interfaces.<br><br></div><div>when i ask fs_cli about profiles it tells me:<br>+OK log level [7]<br>
freeswitch@internal> sofia status<br> Name Type Data State<br>=================================================================================================<br>
sipinterface_3 profile <a href="http://sip:mod_sofia@192.168.2.73:5080" target="_blank">sip:mod_sofia@192.168.2.73:5080</a> RUNNING (0)<br> voicemail_1 alias sipinterface_2 ALIASED<br>
voicemail_2 alias sipinterface_2 ALIASED<br> sipinterface_2 profile <a href="http://sip:mod_sofia@192.168.2.73:5070" target="_blank">sip:mod_sofia@192.168.2.73:5070</a> RUNNING (0)<br>
=================================================================================================<br>2 profiles 2 aliases<br><br></div><div><br></div>Which open source firewalls can handle automatically weird sip requests to ban?!<br>
<br></div>Sincerely yours, <br><div><div><div><div><div><div><br></div></div></div></div></div></div></div>
</blockquote></div>