Kicking spammers out of your Asterisk server

If you have your asterisk server connected to the public internet, there always will be some bad boys trying to brute-force into your PBX.

A few months before I found my asterisk server dead. Looking through the logs I was surprised to find that it was the spammers trying to brute force the password, eventually filling up the entire disk with error logs and crashing the server. Unfortunately that server operated on a single partition scheme with everything allocated for / .


[Sep 12 20:24:02] NOTICE[28190] chan_sip.c: Registration from '"249" ' failed for '37.8.53.84:10937' - No matching peer found
[Sep 12 20:24:02] NOTICE[28190] chan_sip.c: Registration from '"249" ' failed for '37.8.53.84:10937' - No matching peer found
[Sep 12 20:24:21] NOTICE[28190] chan_sip.c: Registration from '"497" ' failed for '37.8.53.84:5060' - No matching peer found
[Sep 12 20:24:21] NOTICE[28190] chan_sip.c: Registration from '"497" ' failed for '37.8.53.84:5060' - No matching peer found

Yesterday same thing happened again, but luckily I found it early enough to block it before it crashes the server.


iptables -I INPUT -s 37.8.53.84 -j DROP

I used iptables to filter out those garbage packets.
To view the blocked ip list use the following command.


iptables -n -L

It can be rather annoying when it comes to a production server where there are so many logs to inspect.
I recommend creating a script to automate the tasks if that is the case.

Leave a Reply

Your email address will not be published. Required fields are marked *