We found a forum post below and were wondering is this issue has been resolved in the latest release?
<b>A Word About Security.</b> VitalPBX includes both an IPtables firewall configurator for firewalld and a Fail2Ban intrusion detection setup that is impressive. Having said that, the IPtables firewall is activated but allows unrestricted SIP and web access with no rules to thwart SipVicious-style attacks. Unless you’re an expert in firewall design, we strongly recommend deployment of VitalPBX on a private LAN behind a hardware-based firewall or home router with no port forwarding. That will block intrusion attempts without encountering NAT problems which VitalPBX and Asterisk 13 now handle with ease.
Yes, On the latest versions of VitalPBX blocks the IP addresses of commons attackers by default, also, some automatized attackers like “SipVicious”, “sipcli”, “pplsip”, “sip-scan”, “friendly-scanner”, and so on.