Gibran27703
Hello Group -
I have been cleaning and locking my system down; some people here also helped me understand some suspicious entries on my system I noticed recently.
My system is running in my shed with a dedicated circuit; I typically manage it remotely from the house via a cable modem connection.
Tuesday night I was unable to SSH or get to the FreePBX menus; I thought it might be a hung process. I decided to check on it in the morning. The next day I walked to the server and tested outbound connectivity, all fine. I started to panic but I had to run to work. Wednesday night I did not get to it; today I left work early to jump on it. I hit my little data center and logged into the server. I checked some logs and all seemed fine.
Then I decided to look at iptables. Well, well, well, my darn home IP address was in the table and blocked.
WTF
...I decided to reboot in case I did something stupid, did that and went home (walking across the yard). I tried to get in, still no luck. I decided it was time to search this forum for fail2ban threads.
I read and read, then I read a thread about fail2ban blocking an internal extension and a big ASS light flashed in my face -
I realized part of my locking-down efforts was updating the extension passwords; one thing I forgot to do was change the password on Zoiper, which was running in the background on my laptop.
The client was trying to log in with the old password, and fail2ban was doing what it is supposed to do: blocking an attempt on my beloved PBXinaFLASH.
So I'm really glad it was not a hacking attempt, it was me not thinking.
Nabil