Forum

Unified Communications PBX System

Help us to improve VitalPBX

Processing ...
USD

Fail to ban  

Page 1 / 2
  RSS

novapcjau
(@novapcjau)
Estimable Member
Joined: 2 years ago
Posts: 140
26/11/2018 7:36 am  

Hello, I have a server that the intruder detector always restarts it, the intruder detector is disabled, and also the CPU usage of my VPS is all the time at 100% getting very slow and only has a trunk and an extension.
Do you have any updates that can solve this?


Quote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1434
26/11/2018 9:10 am  

what version of VitalPBX are you running?


ReplyQuote
novapcjau
(@novapcjau)
Estimable Member
Joined: 2 years ago
Posts: 140
26/11/2018 10:24 am  

2.1.0-6 


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1434
27/11/2018 7:00 am  

You must to enable the fail2ban service, this will block to the attackers, also, you should check the Intrusion detection settings.


ReplyQuote
toxicfusion
(@toxicfusion)
Trusted Member
Joined: 10 months ago
Posts: 78
26/12/2018 10:53 pm  

same issue for me...  suddenly latest release has issues.   Customers complaining now due to high CPU. as causing dropped calls.

 

fail2ban running,  intrustion detection (same as fail2ban) is OK....  but tearing into CPU.  Doesnt seem as if by default logrotate is working. I have manually done it via logrotate -f /etc/logrotate.conf

 

 


ReplyQuote
toxicfusion
(@toxicfusion)
Trusted Member
Joined: 10 months ago
Posts: 78
27/12/2018 11:30 am  

-- Unit fail2ban.service has finished shutting down.
Dec 27 12:15:40 systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has begun starting up.
Dec 27 12:15:41 fail2ban-client[24178]: 2018-12-27 12:15:41,128 fail2ban.server [24179]: INFO Starting Fail2ban v0.9.7
Dec 27 12:15:41 fail2ban-client[24178]: 2018-12-27 12:15:41,128 fail2ban.server [24179]: INFO Starting in daemon mode
Dec 27 12:15:44 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:46 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-sshd-ddos', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:48 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-dropbear', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:49 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-apache-auth', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'

 

appears after awhile, fail2ban does start, then CPU drops down away from 100% and normalizes. At first, fail2ban failed to restart.

 

 


ReplyQuote
Rodrigo Cuadra
(@dwiqu1m0)
Member Admin
Joined: 2 years ago
Posts: 100
27/12/2018 11:50 am  

If you have this problem, it is because you have a massive attack, check your firewall better and try to only allow IPs that you know.


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1434
02/01/2019 8:06 am  

Someone already fix this issue?


ReplyQuote
dsmagghe
(@dsmagghe)
Eminent Member
Joined: 2 years ago
Posts: 27
11/01/2019 4:49 am  

well, struggling with this issue since ombutel, following script helps out, I know it is not the best solution, but I cronjob it every 6 hours and it helps. Since it is mostly the fail2ban database getting corrupted.

 

F2Blog="/var/log/fail2ban.log"
F2Bdb="/var/lib/fail2ban/fail2ban.sqlite3"

# Now let us clean up
echo "Stopping Fail2Ban Service"
sudo service fail2ban stop
echo "Truncating Fail2Ban Log File"
sudo truncate -s 0 $F2Blog
echo "Deleting Fail2Ban SQLite Database"
sudo rm $F2Bdb
echo "Restarting Fail2Ban Service"
sudo service fail2ban restart
echo "All Done"


ReplyQuote
toxicfusion
(@toxicfusion)
Trusted Member
Joined: 10 months ago
Posts: 78
24/04/2019 6:52 am  
Posted by: dsmagghe

well, struggling with this issue since ombutel, following script helps out, I know it is not the best solution, but I cronjob it every 6 hours and it helps. Since it is mostly the fail2ban database getting corrupted.

 

F2Blog="/var/log/fail2ban.log"
F2Bdb="/var/lib/fail2ban/fail2ban.sqlite3"

# Now let us clean up
echo "Stopping Fail2Ban Service"
sudo service fail2ban stop
echo "Truncating Fail2Ban Log File"
sudo truncate -s 0 $F2Blog
echo "Deleting Fail2Ban SQLite Database"
sudo rm $F2Bdb
echo "Restarting Fail2Ban Service"
sudo service fail2ban restart
echo "All Done"

Thank you for this tip.  Fixed issue I was having with one of my VPS's.... fail2ban was consuming 95-100% cpu for no reason.  I'll keep eye on it for next few days.


ReplyQuote
kbohannon
(@kbohannon)
Eminent Member
Joined: 4 months ago
Posts: 34
02/06/2019 1:55 pm  

When I am viewing asterisk -rvv on some of mays servers I am seeing hundreds of password guesses by a single IP. Fail2Ban is configured -1 to ban forever. Is the asterisk-vpbx jail not working? Do I need to change something in jail.local to get this to work? SSH I simply drop; it's brute force SIP password guesses I am getting hammered by, and Fail2Ban doesn't seem to do anything. 


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1434
03/06/2019 9:06 am  

kbohannon what version of VitalPBX are you using it? 


ReplyQuote
kbohannon
(@kbohannon)
Eminent Member
Joined: 4 months ago
Posts: 34
03/06/2019 2:34 pm  

The latest. Here's a screenshot. This is happening on several of my servers. I really wish I could just put in an IP somewhere in the GUI and have it be blacklisted everywhere.


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1434
04/06/2019 9:09 am  

May you check the status of Fail2ban service

systemctl status fail2ban

if is running try to restart

systemctl restart fail2ban

ReplyQuote
kbohannon
(@kbohannon)
Eminent Member
Joined: 4 months ago
Posts: 34
04/06/2019 2:58 pm  

No effect. Thoughts? Fail2Ban seems to be not doing anything.


ReplyQuote
Page 1 / 2
Share:
  
Working

Please Login or Register