返回列表 發帖

Elastix hack

today check elastix logs other ip hack to my elastix

elastix hack.JPG

Don't expose any ports on your Asterisk server to the Internet.
OSSLab Blog :: VoIP & IT Consultant

TOP

又是巴基斯坦那邊......

最近那邊好像有不少入侵人家的VoIP Server跡象......
我的log中有不少也是那邊的......

TOP

有沒有裝fail2ban?

TOP

我看了我的log, 是不是也是有人想試我的呢?
                
[2013-12-02 04:54:01] NOTICE[3425][C-00000e54] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=4e5bffdf
                         
[2013-12-02 04:54:04] NOTICE[3425][C-00000e55] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=b0a863cb
                         
[2013-12-02 04:54:05] NOTICE[3425][C-00000e55] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=b0a863cb
                         
[2013-12-02 04:54:07] NOTICE[3425][C-00000e56] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=9f1bc731
                         
[2013-12-02 04:54:08] NOTICE[3425][C-00000e57] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=27a3cdef
                         
[2013-12-02 04:54:11] NOTICE[3425][C-00000e58] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=c2357353
                         
[2013-12-02 04:54:12] NOTICE[3425][C-00000e59] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=7de7ca06
                         
[2013-12-02 04:54:14] NOTICE[3425][C-00000e5a] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=18821cab
                         
[2013-12-02 04:54:17] NOTICE[3425][C-00000e5b] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=9975c9f2

上面的ip我×掉了,它是隔一段時間就出現一堆連續的5-6次。

TOP

回復 5# 浮雲1965


    Yes, you are on the their target list. Block it!
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

回復 4# 浮雲1965


    how to set fail2ban???

TOP

now
`i will disable elastix admin login ,if hack my admin login will show elastix nth.JPG

TOP

我目前的admin login是有set ip table的,只能固定的某ip可以登入。
這樣安全了嗎?

TOP

唔想死的話, dont expose your http or https port to outside.

TOP

i blocked  some function for elastix now is ok

TOP

返回列表