Rank: 1

1^# 跳轉到 » 倒序看帖

字體大小: tT

發表於 2010-9-1 18:51 | 只看該作者

Block hackers attack

I read this

Just in case anyone is using Blockhosts
(http://www.aczoom.com/blockhosts/) with their Linux servers and
Asterisk here are the rules necessary to block invalid users:

"asterisk-NoPeer":
r'Registration from .* failed for \'{HOST_IP}\' - No matching peer
found',

"asterisk-NoAuth":
r'Registration from .* failed for \'{HOST_IP}\' - Username/auth name
mismatch',

"asterisk-NoPass":
r'Registration from .* failed for \'{HOST_IP}\' - Wrong password',

Just add these rules to your /etc/blockhosts.conf file.

角色

註冊會員

Rank: 2

2^#

發表於 2010-9-1 19:55 | 只看該作者

Thank ckleea for providing the information to us!

YH

TOP

ckleea

新手上路

Rank: 1

3^#

發表於 2010-9-1 20:56 | 只看該作者

I am trying to use this setting on my centos-asterisk

TOP

角色

註冊會員

Rank: 2

4^#

發表於 2010-9-1 22:33 | 只看該作者

本帖最後由角色於 2010-9-2 09:23 編輯

You meant your Asterisk always be attached by hackers?

YH

TOP

kermit

新手上路

Rank: 1

5^#

發表於 2010-9-2 03:53 | 只看該作者

There are a lot of hacker want to enum my extension. Everyday, I check my log file, I can see those information.

TOP

角色

註冊會員

Rank: 2

6^#

發表於 2010-9-2 06:58 | 只看該作者

That is why you hve to make your password very very long to get rid of those attacks.

YH

TOP

ckleea

新手上路

Rank: 1

7^#

發表於 2010-9-2 08:26 | 只看該作者

But the log will tell you which ip attacks your server. When you put the ips in the blacklist of hosts.allow. It will drops their connection.

TOP

bubblestar

新手上路

Rank: 1

8^#

發表於 2010-9-2 09:19 | 只看該作者

I am certain that hackers will change thier IPs frequently to invade their target system, not necessary using their own IP but making use of other innocent IP ranges on purpose resulting in  DoS (Denial of Service).

On the other hand, your log blacklist may become larger and larger someday later that will  also create certain degree of burgen on your own system.

Anyhow, doing something is better than doing nothing, at least in this stage.