Anti-Hacking Breach - uptick

Discussion in '3CX Phone System - General' started by ian.watts, Sep 18, 2016.

Thread Status:
Not open for further replies.
  1. ian.watts

    ian.watts Active Member

    For the last week or two, my email alerts about blocked IPs have rather blown up.
    Anybody else seeing many of these?

    Example:
    Code:
    Request from  52.16.197.48 are rejected/blocked by Anti hacking modue because of security breach 
    The IP 52.16.197.48 has been blacklisted for 201 sec.
    Reason: Requests rate is too high!
    
    Somewhat odd.. the duration varies between addresses.. but the settings don't really reflect these values at all.

    Anyway, I'm starting to clamp down on firewall rules to block inbound SIP for most of the world.. considering just allowing to the SIP provider(s) and forcing a tunnel for remote extensions (via softphone and via SBC for handset).

    Given I don't have any remote handsets outside of North America, I started with blocking most of IPv4 which isn't ARIN. Globetrotters won't be taking handsets, can provision their softphones to tunnel.
     
  2. leejor

    leejor Well-Known Member

  3. pj3cx

    pj3cx Active Member

    Hi there,
    Please open a support ticket so that we can review your logs and help further on this.

    In the meantime, some prevention steps can be taken from your side:
    - in Settings / Security / Anti-Hacking, divide each value by two, except the blacklist time interval and the security barrier (green). Set the blacklist time interval to a higher value such as 31536000 (1 year).
    - in your firewall, filter the SIP port to allow only trusted sources, meaning your VoIP provider's IP/range, and remote extensions (if any).
    - validate, restart services.
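
Added example, not part of the thread or of 3CX: a small Python script that tallies the alert emails quoted in the first post by source address and flags any blacklisted address that falls inside the ranges you intend to allow at the firewall. The sample alerts, the allowlist ranges and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the "has been blacklisted" line of the alert format quoted in the thread.
ALERT_RE = re.compile(
    r"The IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) has been blacklisted for (?P<secs>\d+) sec\."
)

# Constructed sample alerts (documentation addresses, not real data).
SAMPLE_ALERTS = """\
The IP 192.0.2.15 has been blacklisted for 201 sec.
Reason: Requests rate is too high!
The IP 192.0.2.15 has been blacklisted for 3600 sec.
Reason: Requests rate is too high!
The IP 198.51.100.7 has been blacklisted for 120 sec.
Reason: Requests rate is too high!
The IP 999.1.1.1 has been blacklisted for 60 sec.
"""

# Assumed allowlist: a hypothetical provider range and one remote extension.
TRUSTED = ["198.51.100.0/24", "203.0.113.10/32"]


def summarize_alerts(text, trusted_cidrs):
    """Return {ip: {"hits": n, "durations": [...], "trusted": bool}}."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    summary = defaultdict(lambda: {"hits": 0, "durations": [], "trusted": False})
    for m in ALERT_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # octet out of range (e.g. 999.1.1.1): skip the line
        entry = summary[str(ip)]
        entry["hits"] += 1
        entry["durations"].append(int(m.group("secs")))
        entry["trusted"] = any(ip in net for net in trusted)
    return dict(summary)


def trusted_hits(summary):
    """Blacklisted addresses that sit inside the allowlisted ranges."""
    return sorted(ip for ip, e in summary.items() if e["trusted"])


if __name__ == "__main__":
    report = summarize_alerts(SAMPLE_ALERTS, TRUSTED)
    for ip, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(ip, e["hits"], e["durations"], "TRUSTED" if e["trusted"] else "")
```

Any address returned by `trusted_hits` is worth reviewing before raising the blacklist interval, since it belongs to a source you meant to allow.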
     