twm.tips/fail2ban

If it appears your instance has crashed or froze and you can no longer gain access, it is likely due to the Intrusion Detection system built into FreePBX. When the service is running, attempts to compromise your system are logged. If the attempts exceed the Max Retry limit, the remote IP is blocked from accessing the system for the length of Ban Time. The number of attempts are reset after the Find Time is exceeded. We recommend this service always run, but this can cause problems when you are testing and building out a new server instance. As a result, it is best to turn off Intrusion Detection when you are first configuring your new server.

WARNING: Intrusion Detection DOES serve a legitimate purpose! Phone calling fraud is an old and still common attack against phone systems of all sorts. With the prevalence of VoIP ever increasing and services moving to the cloud environment, the risk is even more real. A single attacker with access to your production system can cause MANY THOUSANDS OF DOLLARS in call expenses for your company in a matter of minutes. Once you have completed your initial testing and configuration, you should be certain to resume the Intrusion Detection service for your protection. You can add any IP you require to the Intrusion Detection Whitelist to ensure mistakes made by one user on your network doesn't ban your entire network from the server.

Follow these instructions to temporarily disabled and/or whitelist your Public IP on the Intrusion Detection service: 0. Ensure that all previously configured endpoint devices are powered off, else continued failed authentication attempts from those devices will get you banned again before you have a chance to proceed! If you do not currently have access to your server instance, reboot it from the AWS EC2 console or use a computer or phone browser on a different network (for example, your cell phone on cellular data will have a different public IP) 1. Log into the FreePBX WebGUI and navigate to Admin > System Admin 2. On the System Admin page, choose Intrusion Detection from the sub-menu on the right 3. Click the Stop button on the Intrusion Detection page, click OK in the dialog confirming your choice if you wish to fully disable the service temporarily 4. You should also add your local network's PUBLIC IP address to the Whitelist, as the Intrusion Detection system will automatically start after a server reboot

DON'T FORGET TO ENABLE INTRUSION DETECTION AGAIN BEFORE PUTTING YOUR SERVER INTO PRODUCTION OR ADDING SIP TRUNKS! IF YOUR SERVER IS ALREADY IN PRODUCTION, SIMPLY WHITELIST YOUR PUBLIC IP INSTEAD!