Q&A
Protecting asterisk from hackers
Aldevinas Katkus
2020-07-27
Operating system: macOS
As soon as I have installed asterisk I saw some hackers trying to break in to the system. Can someone recommend some guide to prevent hackers getting in by using bruteforce attacks?
Reply
Paul Timms
2020-07-29
From my own experience:

- You should clearly have a firewall running on the server hosting Asterisk.

- fail2ban should be installed and active

- Port 5038 (Asterisk Manager Interface) should only be open to the server running Standard ERP, if it's not on the same server.

- Port 5060 is the standard SIP client port, and is often attacked. It is recommended to change the SIP client port, however this is not currently possible in Standard ERP. This is registered as a wish and has been approved.

- Put a limit on the number of concurrent outgoing calls, a limit on the countries that can be called, and set a "per day" spending limit. This will prevent a hacker racking up a huge bill.
Reply
Aldevinas Katkus
2020-07-29
Created byPaul Timms13:21 29 July 2020
From my own experience: - You should clearly have a firewall running on the server hosting Asterisk. - fail2ban should be installed and active - Port 5038 (Asterisk Manager Interface) should only be open to the server running Standard ERP, if it's not
Thanks. Fail2ban does not always help (maybe it is already fixed, don't know) https://forums.asterisk.org/viewtopic.php?p=159984:

It is also worth mentioning, if people used type=peer instead of type=friend, none of these attacks would have a chance of succeeding as type=peer forces registration which fail2ban already knows how to protect.
Reply
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
Use External Mail Software
Piotr Wycichowski
Hi, I checked option "Use External Mail Software" in setting "Mail and Conferences Settings" in module "Mail and Conferences". When I create an invoice email I have a ...
17:38 8 Aug 2025
Webclient in version 8.5 250507/85558691 - how to set it up?
Piotr Wycichowski
Hi, Is somebody experienced in necessary settings for successful connection to server using webclient. When I tried, I got warning in brower, that Web client settings for HTTPS is not setup. So I ...
12:59 21 July 2025