• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Solved The IP has been blacklisted

Status
Not open for further replies.

Sergio Lourenco

Joined
Sep 23, 2017
Messages
2
Reaction score
0
Hi guys,
Do you know what to do here?

There is something happening what I believe to be someone trying to break into my system.
What can I do to block it and guarantee security in my network?



Blacklisted.JPG
Register.JPG
 
Yes, it happens frequently. Looks like you have set a high time-out period, which is good. If you see repeats, then block that IP for several years. You can block a range of IPs if you see any pattens.
 
We get about 100 a day. Is that still normal?
 
There is a a large scale SIP attacks worldwide, started into beginning of September.
You can eventually eliminate attacks by creating a whitelist in your router / firewall in front of your 3CX PBX, allowing connections to port 5060 (TCP & UDP) only from trusted IP addresses like VoIP providers and certain remote locations, if you have any.
3CX softphones and 3CX SBC use port 5090 (TCP & UDP) to communicate with 3CX PBX.
 
And be sure you are not using any passwords that are easy to guess. I've often seen IP addresses change incrementally along with the extension number they are trying to register.
 
We get about 100 a day. Is that still normal?
Hi @Sergio Lourenco ,
It isn't normal,but I had the same issue a few days back.
What I have done is I've blacklisted the whole IP range since we don't have any genuine communication from the IP range.
The attack that we used to get is from 5.62.XXX.XXX range. I went ahead and blocked 5.62.0.0/16.
Now we have no issues.
Additionally, you can block IP address individually too.

I have done the blocking at the 3cx level, if you wish you can block it at the router level, which is preferred more.
Also, I believe you have opened the port 5060 to the whole Internet, if that is the case it would be better to restrict the access to only those IP ranges which are supposed to contact you.

N.B - While Listing is always preferred over blacklisting, not to mention more secure!
Good day!
 
Hello @Sergio Lourenco

From the PBX side you can do the following:

Find Settings >>Security>>Anti-Hacking and divide each values by two, except the blacklist time interval, and the security barrier (green).
Set the blacklist time interval to a higher value such as 31536000 (1 year).
- in your firewall, filter the SIP port to allow only trusted sources, meaning your VoIP providers IP/range, and remote extensions (if any).

Blocking ranges of IPs can give you extra security but be sure that you don' t get any traffic that you need from any IP inside of these ranges.

You can find more information and instructions here.

Thank you
 
  • Like
Reactions: techdummy
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.