Hello to all,
First I apologise if there in forum is allready same question and solution like this.
In firewall, fail2ban and access control of Fusionpbx ip is blocked but still I receive every second in fs_cli like this:
2021-04-30 01:12:22.148845 [WARNING] sofia_reg.c:1740 SIP auth failure (REGISTER) on sofia profile 'internal' for [480@xxx.xxx.xxx.xxx] from ip 62.210.10.196
2021-04-30 01:12:41.828913 [WARNING] sofia_reg.c:1795 SIP auth challenge (REGISTER) on sofia profile 'internal' for [208@xxx.xxx.xxx.xxx] from ip 62.210.10.196
2021-04-30 01:12:41.848899 [WARNING] sofia_reg.c:2932 Can't find user [208@xxx.xxx.xxx.xxx] from 62.210.10.196
P.S. I don't understans how can arrive in internal profile when IP is blocked already in iptables
Please help how I can block this IP or other IP with same attack of auth failure?
Thanks in advance for any help
First I apologise if there in forum is allready same question and solution like this.
In firewall, fail2ban and access control of Fusionpbx ip is blocked but still I receive every second in fs_cli like this:
2021-04-30 01:12:22.148845 [WARNING] sofia_reg.c:1740 SIP auth failure (REGISTER) on sofia profile 'internal' for [480@xxx.xxx.xxx.xxx] from ip 62.210.10.196
2021-04-30 01:12:41.828913 [WARNING] sofia_reg.c:1795 SIP auth challenge (REGISTER) on sofia profile 'internal' for [208@xxx.xxx.xxx.xxx] from ip 62.210.10.196
2021-04-30 01:12:41.848899 [WARNING] sofia_reg.c:2932 Can't find user [208@xxx.xxx.xxx.xxx] from 62.210.10.196
P.S. I don't understans how can arrive in internal profile when IP is blocked already in iptables
Please help how I can block this IP or other IP with same attack of auth failure?
Thanks in advance for any help
