Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Weird connection attempt in server log

Discussion in '3CX Phone System - General' started by daktur, Nov 16, 2015.

Thread Status:
Not open for further replies.
  1. daktur

    daktur New Member

    Joined:
    Oct 15, 2015
    Messages:
    230
    Likes Received:
    8
    Hi Everyone,

    I found many attemps of connection from different Extensions that doesn´t exist:
    16-nov-2015 13:10:05.278 [CM102001]: Authentication failed for AuthFail Recv Req REGISTER from 212.83.146.50:5088 tid=251891c5cab756455648ae3b Call-ID=1c5c9cc-d855641-5648ae3a@74.208.125.179:
    REGISTER sip:74.208.125.179:5060 SIP/2.0
    Via: SIP/2.0/UDP 212.83.146.50:5088;branch=z9hG4bK251891c5cab756455648ae3b;rport=5088
    Max-Forwards: 70
    Contact: "6146"<sip:6146@212.83.146.50:5088>
    To: "6146"<sip:6146@74.208.125.179:5060>
    From: "6146"<sip:6146@74.208.125.179:5060>;tag=251891c620fc
    Call-ID: 1c5c9cc-d855641-5648ae3a@74.208.125.179
    CSeq: 2 REGISTER
    Expires: 1800
    Proxy-Authorization: Digest username="6146",realm="3CXPhoneSystem",nonce="414d535c0c5a82cd02:3cc31366fe275097a578873e273131ff",uri="sip:74.208.125.179",response="8ffbb3440fce36a0aabfe5c9f536c1a7",algorithm=MD5
    User-Agent: VaxSIPUserAgent/3.1
    Content-Length: 0

    ; Reason: Credentials don't match, check that authorization-ID and password match the ones in extension settings
    16-nov-2015 13:09:47.231 [CM102001]: Authentication failed for AuthFail Recv Req REGISTER from 212.83.146.50:5086 tid=230571c5844556075648ae28 Call-ID=1c5834b-c855607-5648ae28@74.208.125.179:
    REGISTER sip:74.208.125.179:5060 SIP/2.0
    Via: SIP/2.0/UDP 212.83.146.50:5086;branch=z9hG4bK230571c5844556075648ae28;rport=5086
    Max-Forwards: 70
    Contact: "2850"<sip:2850@212.83.146.50:5086>
    To: "2850"<sip:2850@74.208.125.179:5060>
    From: "2850"<sip:2850@74.208.125.179:5060>;tag=230571c5da4c
    Call-ID: 1c5834b-c855607-5648ae28@74.208.125.179
    CSeq: 2 REGISTER
    Expires: 1800
    Proxy-Authorization: Digest username="2850",realm="3CXPhoneSystem",nonce="414d535c0c5a82ba68:f245ff72e451e9a78a986fe128664e2e",uri="sip:74.208.125.179",response="84c700f97b7ae6376cae890ae872e52b",algorithm=MD5
    User-Agent: VaxSIPUserAgent/3.1
    Content-Length: 0

    Is that correct? Should I ban this IP in the Anti hacker option?
     
  2. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,086
    Likes Received:
    64
    You will find that as time goes by there will be many attempts to hack into the system. You need to insure that all passwords are strong and that you have the parameters set up for the security to your liking. Yes, you can also blacklist the IP manually within 3CX or perhaps even in your router.
     
  3. Twobrothers

    Joined:
    Nov 18, 2015
    Messages:
    2
    Likes Received:
    0
    I am faced with this same problem.
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,073
    Likes Received:
    323
    A long time back, I set the blacklist time-out very high, something in the order of 25,000 seconds. I also made sure that I got an email every time there was a blocked registration attempt. If there are repeated attempts from certain IPs, or IP ranges, I blacklist them permanently. Theses sorts of things still occur but over time there has been a drastic reduction.
     
Thread Status:
Not open for further replies.