Gateway IP being blacklisted

Discussion in '3CX Phone System - General' started by engin411, Jul 15, 2014.

Thread Status:
Not open for further replies.
  1. engin411

    I have two ISPs. 3CX is using gateway1, and our regular HTTP traffic uses gateway2. I am getting emails from my 3CX server saying: "The IP x.x.x.x has been blacklisted for 31556940 sec. Reason: Too many failed authentications!"

    The IP listed is my gateway2. Is this indicating there are login attempts coming from who knows where via gateway2?
     
  2. coertvc

    Is the 3CX server maybe using the second gateway for other OS-related traffic: patches, STUN resolving, DNS requests?

    What you can try is to block traffic from and to the second IP on the firewall. What I did is only allow traffic from the 3CX from and to the ISP; any other traffic (SIP related) is blocked/not permitted. So in that case I do get my OS patches, but no SIP authentications outside the provider range.
     
  3. leejor

    The 3CX server logs should give enough information as to "what" is trying to register to allow you to track down the "culprit".
     
  4. engin411

    I found I hadn't set my firewall properly to block nasty SIP traffic. I had only configured the necessary port forwards to make 3CX work. I added a rule to block all SIP traffic, then added a rule above that one (higher priority) to allow all SIP traffic that originates from my 3CX server. That fixed the problem of nasty hackers trying to log in to my 3CX server, while obviously allowing the good traffic to flow.
    Thanks guys.
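
The rule ordering described in post 4, together with the provider-only variant from post 2, as an added example that is not part of the original thread: a small first-match model in Python that shows why the allow rule has to sit above the block rule. All addresses are constructed documentation values, port 5060 is an assumed SIP port, and the model judges only the first packet of a flow (a stateful firewall would also pass replies to traffic the PBX started).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SIP = 5060                      # assumed SIP signalling port
ANY = "0.0.0.0/0"
PBX = "10.0.0.10/32"            # constructed: the 3CX server
PROVIDER = "198.51.100.0/24"    # constructed: SIP provider range

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    dport: Optional[int] = None  # None matches any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(rules, src, dst, dport, default="allow"):
    """Return the action of the first matching rule (top = highest priority)."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return default

# Post 4: allow SIP from the PBX, placed above a block-all-SIP rule.
THREAD_RULES = [Rule("allow", PBX, ANY, SIP), Rule("block", ANY, ANY, SIP)]
# Same rules in the wrong order: the block rule shadows the allow rule.
REVERSED_RULES = list(reversed(THREAD_RULES))
# Post 2: SIP only between the PBX and the provider, in either direction.
PROVIDER_ONLY = [Rule("allow", PBX, PROVIDER, SIP),
                 Rule("allow", PROVIDER, PBX, SIP),
                 Rule("block", ANY, ANY, SIP)]

# Constructed flows: (label, src, dst, dport)
FLOWS = [("pbx -> provider SIP", "10.0.0.10", "198.51.100.20", SIP),
         ("provider -> pbx SIP", "198.51.100.20", "10.0.0.10", SIP),
         ("unknown -> pbx SIP", "203.0.113.77", "10.0.0.10", SIP),
         ("pbx -> update server HTTPS", "10.0.0.10", "203.0.113.5", 443)]

def verdicts(rules):
    """Map each constructed flow to the action the ruleset gives it."""
    return {label: evaluate(rules, s, d, p) for label, s, d, p in FLOWS}

if __name__ == "__main__":
    for name, rules in [("thread", THREAD_RULES), ("reversed", REVERSED_RULES),
                        ("provider-only", PROVIDER_ONLY)]:
        print(name, verdicts(rules))
```

With the rules reversed, the PBX's own SIP traffic is blocked as well, which is the case the "higher priority" placement avoids.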
     