Tag Archives: logs

How to Block Brute Force Attacks

IPinfo allows you to reliably identify important information about an abusive IP, including city, region and country. It also provides abuse information that allows you to report the abuse to the netblock owner; you will usually need to provide firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service. They are unlikely to have any logs of who undertook the attack, but may be able to block your IP address or IP range from their network.

https://ipinfo.io/

It’s very useful to be able to block traffic based on the country it originates from, as so many of the brute force attacks that we face on a daily basis originate from a small number of countries. Many popular firewalls provide this feature either as standard or as part of an additional security service subscription.

Watchguard – Geolocation

Fortinet – Geo IP block list

Sophos Firewall – country-based firewall rule

SonicWall – Geo-IP filter

Smoothwall – GeoBlocking

Draytek – Country Object or Geo-Blocking

Untangle NG Firewall – geolocation

pfSense (with pfBlockerNG Package) – geo-blocking

3CX Version 11 – Service Pack 2 (Build 27588.780) Released

Service Pack 2 introduces the following fixes and new features:

New Features

  • New: Added support for Windows 8 and Windows Server 2012. Previous releases of 3CX Phone System are unsupported on Windows 8 / Server 2012, and thus a new installation of SP2 is required on these OS.
  • New: Added support for Exchange Server 2013. For more information on configuring an Exchange Server 2013, review this blog post.
  • New: IP Whitelist for the Anti-Hacking module.
  • New: Blacklist is checked for WEB requests. When someone tries to connect to the web 3CX Management Console, 3CX MyPhone or provision a phone from a blacklisted IP, the request will be blocked, and the administrator is notified (if notifications are enabled).
  • New: Added support for the latest Cisco SPA 514G and 525G2 phones with the latest firmware. Please note, phones running firmware 7.4.9b need to be updated to version 7.5.2b before being upgraded to version 7.5.3. This applies to all Cisco phones.
  • New: SNOM can now be configured using Plug and Play. SNOM is now supported from the firmware version 8.7.3.15.

3CX MyPhone

  • Update: The Active Calls section in 3CX MyPhone has been redesigned. Users can only see their own calls by default. If allowed, they can see the calls to users in their group. The management group still sees everything.
  • Update: Conference calendar request (.ics) notifications are now sent even when the email server requires authentication.
  • Update: Dashes and () are stripped when an external conference number is added to the conference.
  • Fixed: A bug in 3CX MyPhone when adding callers which are on hold to a conference.
  • Fixed: The audio issues when creating conferences in 3CX MyPhone have been fixed.
  • Fixed: The bug which caused the Microsoft Outlook plugin to not create journal entries for incoming calls.
  • Fixed: The organizer’s email address is now stored correctly when scheduling conference calls.
  • Fixed: The organizer of a conference is now informed when a user has accepted or declined the conference invitation and details are correctly retrieved from the calendar.
  • Fixed: When changing the language to Portuguese, 3CX MyPhone now loads in Portuguese.

3CX Phone System Server

  • Update: 3CX Phone System User Agent string now contains the version number.
  • Update: Added G729 Support for Patton Gateway Templates BRI devices which has fixed the audio issues.
  • Fixed: Caller ID is not retained when call is diverted (using 302 diversion header).
  • Fixed: Bug in 302 diversion header – Diversion header contents are now enclosed in <>
  • Fixed: Crash of 3CX Phone System caused by incorrectly configured Outbound Rules.
  • Fixed: Exception in Call History service when an email is sent to an invalid address.

IP Phone, PSTN Gateway and VoIP Provider Interoperability

  • New: Grandstream HT 701, 702, and 704 templates have been added to the main 3CX Phone System installer.
  • Update: Firmware auto-provisioning is removed in Grandstream templates.

3CX Web Reports

  • Update: Ring group reports have been moved to Advanced Call Reports.
  • Update: In the extension statistics, a limit of 10,000 call records has been hard coded which has sped up the report.
  • Fixed: Call Logs are properly generated on Italian language operating systems.
  • Fixed: Calls that breach SLA time are now shown correctly.
  • Fixed: Bug where the SLA breach time was not being observed and all calls were marked as breaching SLA.

3CX Management Console (Interface)

  • Update: Outbound rules page now shows the Extension Groups in the summary page.
  • Update: Added exception in the Windows Firewall for the 3CX Windows Management Console. This is required for the 3CX Firewall Checker.
  • Update: Moved configuration of the Billing Information from the top menu bar to the Advanced page.
  • Update: Server Activity Log now indicates when a packet is dropped because of a hacking attempt.
  • Update: Email notification sent to a 3CX Administrator or Operator extension when the 3CX Upgrade Insurance is about to expire.
  • Update: Improved general speed of Windows-based 3CX Management Console.
  • Update: Tagged license messages in the Server Activity Log.
  • Update: The size of the Abyss webserver log file has been minimalised as the file is now backed up and recreated.
  • Fixed: Service pack updating fails when Microsoft Management Console (MMC) is running on the computer.
  • Fixed: Provisioning of 3CXPhone for Windows, iPhone, and Android now sets the STUN server to the Public IP address of 3CX Phone System. (Note: Public IP Address needs to be configured).
  • Fixed: The 3CX VAD integration when text to speech project is deployed with characters containing an accent.
  • Fixed: IP blacklisted entries not completely removed causing a delay and high CPU usage on incoming calls.
  • Fixed: Crash in the Server Activity Log when logs are viewed in Google Chrome.
  • Fixed: There will no longer be any blank pages within the Server Activity Log.
  • Fixed: Log files were not being moved to the backup folder and remained in the Logs folder. As a result, this made the 3CX Management Console very slow and also affected the general performance of the computer.
  • Update: The 3CX Server Activity Log now shows INVITE and RE-INVITE SIP messages. These can be seen when Verbose is enabled.

3CX Log Viewer

  • Update: Gradual opening of logs to avoid high CPU usage.
  • Fixed: Various memory leaks.

3CX Backup and Restore

  • Fixed: The crash that occurs on Russian language Windows Operating Systems.
  • Fixed: Exception in 3CX Backup and Restore when a backup is made whilst a recording or a voicemail is in progress.
  • Fixed: 3CX Backup and Restore will now backup recordings when recordings path is not the default directory.
  • Fixed: The restore procedure will create recordings file structure in case it does not exist.

Wevtsvc.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2, Windows Vista SP2 and Windows Small Business Server 2008 (SBS 2008)

03-Feb-2012 – 6.0.6002.22791 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/2673371 – “0xC0000244” Stop error occurs when the Security log reaches its maximum size in Windows Vista or in Windows Server 2008

04-Mar-2011 – 6.0.6002.22602 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/2518874 – Windows Event Log service may crash in Windows Vista or in Windows Server 2008

09-Nov-2010 – 6.0.6002.22521 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/2458331 – You cannot receive event notifications after you back up and then clear event logs in Windows Server 2008 or in Windows Vista

13-Jan-2010 – 6.0.6002.22311 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/979471 – You cannot create an event in an event log in Windows Vista or in Windows Server 2008 if the source field contains a single quotation mark

16-Sep-2009 – 6.0.6002.22227 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/973995 – You may lose some events when you subscribe to some events that are in multiple event logs on a computer that is running Windows Server 2008 or Windows Vista

30-Jun-2009 – 6.0.6002.22160 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/972999 – Error message when you use Event Viewer to open an event log on a Windows Vista or a Windows Server 2008-based computer: “Event Viewer cannot open the event log or custom view”

28-May-2009 – 6.0.6002.22141 – Wevtsvc.dll – x86/x64 – http://support.microsoft.com/kb/971734 – Locale data is missing in the saved event logs if you archive the event logs on a computer that is running Windows Vista or Windows Server 2008 and that has an MUI for a non-English language installed

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.1 – CSP4 Build # 335367

11.5.1 – CSP4 Build # 335367 Resolves the following issues:

BUG64669: Resolved a Firebox crash and reboot when using FireCluster.

BUG63793: Improved proxy debug logging when using FireCluster.

BUG63574: Proxy connections fail with logs showing: “failed to create new traffic spec” and “insert_tspec:XX index inuse?”

BUG65026: Iked stack trace eip=0x080c4013 caused by Mobile VPN with IPSec connection.

BUG63860: snmpd memory leak

You can request 11.5.1 – CSP4 Build # 335367 from Watchguard Support by logging a support case online; they should then be able to provide an FTP download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative, so you should only need to apply the latest to ensure that you also have any previous fixes.