is my test cloud pbx server hacked? *NEW FusionPBX user*

Status
Not open for further replies.

imcontreras

New Member
Dec 24, 2018
18
1
3
50
I'm trying to auto-provisioning a grandstream phone, extension 3001 is mine

extension 4559 and 100 and 4560 they are not mine. Does this mean my system is compromised? any immediate security tips

Screenshot 2019-04-01 17.01.03.png

Thanks!
 

ad5ou

Active Member
Jun 12, 2018
892
204
43
You are seeing the typical SIP hacking attempts port 5060 sees.
The default fusion install script will keep you fairly safe from those scans but there is always more you can do to tighten security.
 
  • Like
Reactions: imcontreras

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,070
577
113
You will also notice in thew messages column that there is only a single sip message from each, ie no response from the server. This indicates that fail2ban has already caught them and banned them.
 

Jonathan R.

New Member
Nov 3, 2017
14
3
3
33
By changing your SIP port on Internal Profile you'll block 100% of these automated attempt at your server. It won't block a targeted attack tho.
 
  • Like
Reactions: imcontreras

imcontreras

New Member
Dec 24, 2018
18
1
3
50
By changing your SIP port on Internal Profile you'll block 100% of these automated attempt at your server. It won't block a targeted attack tho.
I've tried but somehow it doesn't work, even if I change the port on voip innovation and fusionpbx, all communications still use 5060.
but my next step after figure out how the auto-provisioning works will be to external profile or change the port on the internal profile.

Thanks for the advice
 
Status
Not open for further replies.