<div dir="ltr"><div>This little script has been doing a great job for us.<br></div><div><br></div><div>#!/bin/bash<br>publicIP=`/sbin/ifconfig eth0 | sed -En 's/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p'` <br>for ip in `grep "Can't find user" /usr/local/freeswitch/var/log/freeswitch/freeswitch.log | grep $publicIP | awk '{print $10}' | sort | uniq` ; do <br></div><div> /sbin/iptables -I INPUT -s $ip -m comment --comment "`date` $comment" -j DROP</div><div>done <br></div><div><br></div><div><br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font color="#888888"><div> <b>Jai Rangi</b><br><span>Cebod Technologies LLC dba DIDforSale/Cebod Telecom</span> </div> <div style="color:rgb(141,141,141);font-size:13px;padding:5px 0px"> <a href="tel:O%20949-471-0102" style="color:rgb(141,141,141);text-decoration:none" target="_blank">O 949-471-0102</a> <span style="color:rgb(69,102,142);display:inline-block">|</span> <span style="display:inline-block"><a href="tel:1-949-419-7634" style="color:rgb(141,141,141);text-decoration:none" target="_blank">C 949-<font color="#888888">419-7634</font></a></span> <span style="color:rgb(69,102,142);display:inline-block">|</span> <span style="display:inline-block"><a style="color:rgb(141,141,141);text-decoration:none">F 949-269-0449 / 949-232-1410</a></span> <span style="color:rgb(69,102,142);display:inline-block">|</span> <span style="display:inline-block"><a href="mailto:jprangi@didforsale.com" style="color:rgb(141,141,141);text-decoration:none" target="_blank">jprangi@didforsale.com</a></span> <span style="color:rgb(69,102,142);display:inline-block"></span> <span style="color:rgb(141,141,141);display:inline-block"><a href="http://www.didforsale.com" target="_blank">www.didforsale.com</a> |</span><span style="color:rgb(141,141,141);display:inline-block">2</span><span>472 Chambers Rd Ste 100, Tustin, CA 92780</span></div></font><img src="https://docs.google.com/uc?export=download&id=0Bz0cNflKgNsWQno1V3dQTzhNSUk&revid=0Bz0cNflKgNsWOFh1ZnMydnBtU1ZDLzZ2OHBMM2Y2bVQ3R1pFPQ"><br><br><br><br><br></div></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jul 26, 2020 at 8:57 PM Don Hawkins <<a href="mailto:hawkins@hawkinsegroup.com">hawkins@hawkinsegroup.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div>Hey everyone!<br><br>So I have quite a few "security" features installed on the server, including custom IP banning methods using IP Tables, (fail2ban caused too many issues).</div><div><br>All endpoints on our system register via a domain, I'm looking for suggestions on how to block IP addresses that attempt to register with the IP address only.<br><br>In other words, every time the warning below is received I'd like to ban that particular IP or at least add it to a list somewhere.<br><br>WARNING: "You must define a domain called 'XXX.XXX.XX.XXX' in your directory and add a user with the id"</div><div><br>I'm thinking of a custom script that scans the logs (which logs?)<br><br>Any advice is appreciated.<br><br>Thanks!<br><br></div><div dir="ltr"><span style="color:rgb(102,102,102)"><span><a value="+12146991224"></a></span></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>