FreePBX / FREEPBX-10073

Fail2Ban - Missing regex in asterisk.conf filter - *Regression*

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 12
    • Fix Version/s: 12
    • Component/s: Fail2Ban
    • Labels:
      None
    • ToDo:
    • Asterisk Version:
      11
    • Distro Version:
      6.12.65-29
    • Distro:
      FreePBX Distro

      Description

      The asterisk.conf filter is missing a regex that catches the dial-through attempts that end in the bad-context dialplan section.

      These attacks are possible when the PBX accepts unauthenticated SIP calls and Guest is enabled.

      That section is pushing a WARNING in the log files with the keywords Friendly Scanner from followed by the attacker IP address.

      This is a quick and dirty method to pass the attacker IP address not available in other parts of the dialplan or from Asterisk logs.

      The RegEx should be as follows:

      
      ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )Ext\. s: Friendly Scanner from <HOST>$
      

      Please restore the regex as it's the only method to ban 5kr1pt k1dd1e5 from poking the PBX.
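
To check the requested pattern offline, the following added example (not part of the original report, and not FreePBX or fail2ban code) expands the fail2ban placeholders with simplified stand-ins and runs the result over constructed log lines. The stand-in patterns, the timestamp handling, the function names and the sample lines are assumptions; running `fail2ban-regex` against the real filter file remains the authoritative test.

```python
import re

# The failregex exactly as quoted in the issue description.
FAILREGEX = (r"^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )"
             r"Ext\. s: Friendly Scanner from <HOST>$")

# Assumed, simplified stand-ins for what fail2ban interpolates at load time.
STAND_INS = {
    "%(__prefix_line)s": r"(?!)",    # syslog-style branch disabled (never matches)
    "%(__pid_re)s": r"(?:\[\d+\])",  # "[12345]" directly after the log level
    "<HOST>": r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})",  # IPv4 only in this sketch
}

# Assumed timestamp shape. The matched date is removed from the line before
# the failregex is applied, which is why the pattern begins with a literal "[]".
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def compile_failregex(template=FAILREGEX):
    """Replace each fail2ban placeholder with its stand-in and compile."""
    for placeholder, pattern in STAND_INS.items():
        template = template.replace(placeholder, pattern)
    return re.compile(template)


def banned_host(line, regex=compile_failregex()):
    """Return the IP the filter would extract from a log line, else None."""
    match = regex.search(TIMESTAMP.sub("", line, count=1))
    return match.group("host") if match else None


# Constructed log lines, shaped to fit the pattern; addresses are documentation ranges.
SAMPLE_LOG = [
    "[2015-08-20 10:15:32] WARNING[12345][C-0000002a] Ext. s: Friendly Scanner from 203.0.113.7",
    "[2015-08-20 10:15:40] WARNING[12345]: Ext. s: Friendly Scanner from 198.51.100.23",
    # Wrong log level: the pattern only accepts WARNING.
    "[2015-08-20 10:16:01] NOTICE[12345][C-0000002b] Ext. s: Friendly Scanner from 203.0.113.7",
    # Trailing text after the address: rejected by the "$" anchor.
    "[2015-08-20 10:16:05] WARNING[12345][C-0000002c] Ext. s: Friendly Scanner from 203.0.113.7 (retry)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(banned_host(entry), "<-", entry)
```

The trailing `$` means any change to the dialplan message after the address stops the match, so the log text and the filter have to be kept in step.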

              People

              • Assignee:
                GameGamer43 Bryan Walters
                Reporter:
                corradomella Corrado Mella