Forum

Unified Communications System

Help us to improve VitalPBX

Processing ...
USD

Fail to ban  

  RSS

novapcjau
(@novapcjau)
Estimable Member
Joined: 1 year ago
Posts: 104
26/11/2018 7:36 am  

Hello, I have a server that the intruder detector always restarts it, the intruder detector is disabled, and also the CPU usage of my VPS is all the time at 100% getting very slow and only has a trunk and an extension.
Do you have any updates that can solve this?


Quote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 1 year ago
Posts: 1047
26/11/2018 9:10 am  

what version of VitalPBX are you running?


ReplyQuote
novapcjau
(@novapcjau)
Estimable Member
Joined: 1 year ago
Posts: 104
26/11/2018 10:24 am  

2.1.0-6 


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 1 year ago
Posts: 1047
27/11/2018 7:00 am  

You must to enable the fail2ban service, this will block to the attackers, also, you should check the Intrusion detection settings.


ReplyQuote
toxicfusion
(@toxicfusion)
Trusted Member
Joined: 6 months ago
Posts: 55
26/12/2018 10:53 pm  

same issue for me...  suddenly latest release has issues.   Customers complaining now due to high CPU. as causing dropped calls.

 

fail2ban running,  intrustion detection (same as fail2ban) is OK....  but tearing into CPU.  Doesnt seem as if by default logrotate is working. I have manually done it via logrotate -f /etc/logrotate.conf

 

 


ReplyQuote
toxicfusion
(@toxicfusion)
Trusted Member
Joined: 6 months ago
Posts: 55
27/12/2018 11:30 am  

-- Unit fail2ban.service has finished shutting down.
Dec 27 12:15:40 systemd[1]: Starting Fail2Ban Service...
-- Subject: Unit fail2ban.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit fail2ban.service has begun starting up.
Dec 27 12:15:41 fail2ban-client[24178]: 2018-12-27 12:15:41,128 fail2ban.server [24179]: INFO Starting Fail2ban v0.9.7
Dec 27 12:15:41 fail2ban-client[24178]: 2018-12-27 12:15:41,128 fail2ban.server [24179]: INFO Starting in daemon mode
Dec 27 12:15:44 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-sshd', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:46 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-sshd-ddos', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:48 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-dropbear', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'
Dec 27 12:15:49 firewalld[5119]: WARNING: ALREADY_ENABLED: rule '('-m', 'set', '--match-set', 'fail2ban-apache-auth', 'src', '-j', 'REJECT', '--reject-with', 'icmp-port-unreachable')' already is in 'ipv4:filter:ombu_fail2ban'

 

appears after awhile, fail2ban does start, then CPU drops down away from 100% and normalizes. At first, fail2ban failed to restart.

 

 


ReplyQuote
admin
(@dwiqu1m0)
Member Admin
Joined: 2 years ago
Posts: 73
27/12/2018 11:50 am  

If you have this problem, it is because you have a massive attack, check your firewall better and try to only allow IPs that you know.


ReplyQuote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 1 year ago
Posts: 1047
02/01/2019 8:06 am  

Someone already fix this issue?


ReplyQuote
dsmagghe
(@dsmagghe)
Eminent Member
Joined: 1 year ago
Posts: 27
11/01/2019 4:49 am  

well, struggling with this issue since ombutel, following script helps out, I know it is not the best solution, but I cronjob it every 6 hours and it helps. Since it is mostly the fail2ban database getting corrupted.

 

F2Blog="/var/log/fail2ban.log"
F2Bdb="/var/lib/fail2ban/fail2ban.sqlite3"

# Now let us clean up
echo "Stopping Fail2Ban Service"
sudo service fail2ban stop
echo "Truncating Fail2Ban Log File"
sudo truncate -s 0 $F2Blog
echo "Deleting Fail2Ban SQLite Database"
sudo rm $F2Bdb
echo "Restarting Fail2Ban Service"
sudo service fail2ban restart
echo "All Done"


ReplyQuote
Share:
  
Working

Please Login or Register