dbaum
Guru
- Joined
- Jan 11, 2009
- Messages
- 124
- Reaction score
- 2
I am running a fresh install of Incredible PBX 12.0.76.6 in a VM at RentPBX. (PBX in a Flash Incredible PBX 11-12 with Incredible GUI (Centos 6.6)
I had 128 failed login attempts under "cron" user. I had to manually ban the IP address/
[2019-11-25 09:46:12] NOTICE[809]: manager.c:3211 authenticate: 95.217.35.13 tried to authenticate with nonexistent user 'cron'
[2019-11-25 09:46:12] NOTICE[809]: manager.c:3248 authenticate: 95.217.35.13 failed to authenticate as 'cron'
Now I am getting continuous messages:
[2019-11-25 09:41:11] NOTICE[32469]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:11] NOTICE[32469]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:11] NOTICE[32469]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2019-11-25 09:41:13] NOTICE[32470]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:13] NOTICE[32470]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:13] NOTICE[32470]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2019-11-25 09:41:14] NOTICE[32525]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:14] NOTICE[32525]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:14] NOTICE[32525]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2
Yet, neither case resulted in Fail2Ban jailing offending IP - either temporarily or permanently.
I listed Fail2Ban jails and found onlly 3 were installed asterisk and ssh-iptables. Neither of these jails have any listed rules in IPTABLES. I added a chain to bad-actors to manually implement banning rules.
I examined the IPTABLEs contents. See attached file for contents.
DOES ANYONE ELSE HAVE THIS PROBLEM.
I had 128 failed login attempts under "cron" user. I had to manually ban the IP address/
[2019-11-25 09:46:12] NOTICE[809]: manager.c:3211 authenticate: 95.217.35.13 tried to authenticate with nonexistent user 'cron'
[2019-11-25 09:46:12] NOTICE[809]: manager.c:3248 authenticate: 95.217.35.13 failed to authenticate as 'cron'
Now I am getting continuous messages:
[2019-11-25 09:41:11] NOTICE[32469]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:11] NOTICE[32469]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:11] NOTICE[32469]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2019-11-25 09:41:13] NOTICE[32470]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:13] NOTICE[32470]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:13] NOTICE[32470]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2019-11-25 09:41:14] NOTICE[32525]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '176.106.46.97' due to a failure to pass ACL '(BASELINE)'
[2019-11-25 09:41:14] NOTICE[32525]: manager.c:3214 authenticate: 176.106.46.97 failed to pass IP ACL as 'admin'
[2019-11-25 09:41:14] NOTICE[32525]: manager.c:3248 authenticate: 176.106.46.97 failed to authenticate as 'admin'
[2
Yet, neither case resulted in Fail2Ban jailing offending IP - either temporarily or permanently.
I listed Fail2Ban jails and found onlly 3 were installed asterisk and ssh-iptables. Neither of these jails have any listed rules in IPTABLES. I added a chain to bad-actors to manually implement banning rules.
I examined the IPTABLEs contents. See attached file for contents.
DOES ANYONE ELSE HAVE THIS PROBLEM.