<p dir="ltr">Hello,</p>
<p dir="ltr">At the very least I would say need to install and configure fail2ban urgently, it block ips which try to authenticate and fail. This saves you from brute - force attacks.</p>
<p dir="ltr">Regards,</p>
<p dir="ltr">David</p>
<div class="gmail_quote">On Dec 24, 2014 2:19 AM, "Luis Daniel Lucio Quiroz" <<a href="mailto:luis.daniel.lucio@gmail.com">luis.daniel.lucio@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dont worry, your are a target of a kiddy script. As you dont use<br>
numeric extensions, they wont authenticate. And as you are using<br>
multitenant, they should be targering the IP (as domain, for example<br>
<a href="mailto:100@1.1.1.1">100@1.1.1.1</a>) instead 100@yourdomain. So they wont be able to<br>
authenticate (if multidomain is on).<br>
<br>
CDR will still show the failled call. Its normal, FS is reporting a<br>
failed attempt.<br>
<br>
2014-12-22 17:55 GMT-05:00 Thomas Auge <<a href="mailto:auge@virtues.net">auge@virtues.net</a>>:<br>
> To eliminate the guessing, check the logs which route the calls took through the system. It should contain the clues you<br>
> need. You might need to up the log level a bit ...<br>
><br>
><br>
> On 22.12.2014 19:44, Lloyd Aloysius wrote:<br>
>> Fail2Ban is running in the system<br>
>><br>
>> I do not have any default dial plans or extensions.<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> On Mon, Dec 22, 2014 at 5:35 PM, Thomas Auge <<a href="mailto:auge@virtues.net">auge@virtues.net</a> <mailto:<a href="mailto:auge@virtues.net">auge@virtues.net</a>>> wrote:<br>
>><br>
>> Do you still have the external domain enabled? I think it routes external calls matching a specific number theme (<br>
>> ^(10[01][0-9])$ ) to the internal users through the pre-installed dialplan. It listens on different ports (5080/1).<br>
>> Config is in sip_profiles/external.xml and dialplan/public.xml.<br>
>><br>
>> I see an insane amount of brute force attempts against our PBX', so if there is a way to get anywhere, you can expect<br>
>> people to try it - over and over and over ... I can recommend fail2ban. :-)<br>
>><br>
>> Just guessing though, if I'm wrong, someone more knowledgeable will probably chime in. :)<br>
>><br>
>><br>
>> On 22.12.2014 19:16, Lloyd Aloysius wrote:<br>
>> > Hi All<br>
>> ><br>
>> > I have a multi domain setup. We receive calls from unknown extensions (eg: 100 , 101,1000,1007 etc ).But there is no<br>
>> > voice in it.<br>
>> ><br>
>> > We do not have any default extensions in the system and all default extensions removed from the system.<br>
>> ><br>
>> > Users are authenticated by alphanumeric (like an email username) Eg: <a href="mailto:mike@mydomain.com">mike@mydomain.com</a> <mailto:<a href="mailto:mike@mydomain.com">mike@mydomain.com</a>><br>
>> and passwords are very<br>
>> > complicated.<br>
>> ><br>
>> > How someone can call a user without authentication from these extensions?<br>
>> ><br>
>> > Please let me know how to solve this issue.<br>
>> ><br>
>> > Thanks Lloyd<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > _________________________________________________________________________ Professional FreeSWITCH Consulting<br>
>> > Services: <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a> <mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>> ><br>
>> > Official FreeSWITCH Sites <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>> ><br>
>> > FreeSWITCH-users mailing list <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a> <mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>><br>
>> > <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> > UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> ><br>
>><br>
>><br>
>> _________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a> <mailto:<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>><br>
>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a> <mailto:<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>><br>
>><br>
>><br>
>><br>
>> _________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
>> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
>><br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div>