It was an Extension of 11 digits like "1403XXXXXXX" with the same password, I guess it was a brute force attack.

Thanks
faiz

>was the hacked extension from 100-199 range ? or 1000-9999 ?

Martin

On Sun, Sep 6, 2009 at 6:50 PM, Faiz Rehman<[email protected]> wrote:
> Hi
>
> My asterisk has been hacked by this IP "66.7.197.76". When I blocked this
> IP from Linux Firewall then he tried to attack from 2nd IP "200.90.72.141".
> He found one of my extensions with a weak password and started dialing out.
> Thanks
>
> Faiz
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz

------------------------------

Message: 3
Date: Sun, 6 Sep 2009 21:47:55 -0400
From: Steve Totaro <[email protected]>
Subject: Re: [asterisk-biz] Hacker's attack on Asterisk by these addresses "66.7.197.76" and "200.90.72.141"
To: Commercial and Business-Oriented Asterisk Discussion <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

On Sun, Sep 6, 2009 at 7:50 PM, Faiz Rehman <[email protected]> wrote:
> Hi
>
> My asterisk has been hacked by this IP "66.7.197.76". When I blocked this
> IP from Linux Firewall then he tried to attack from 2nd IP "200.90.72.141".
> He found one of my extensions with a weak password and started dialing out.
> Thanks
>
> Faiz

Since this is the biz list, I would expect that you are an ITSP? Why not only allow customer IPs and block the rest?

If you cannot do that, why not add an alpha character to your extensions? Instead of 101, make it z101 or whatever.

Bottom line, don't have weak credentials or firewall rules.

--
Senior Systems and Network Administrator
Triple Canopy, Inc., 2250 Corporate Park Drive, Suite 300
ph. +1.703.673.5191 mob. +1.240.938.1212 FAX. +1.703.673.1279
[email protected]

------------------------------

Message: 4
Date: Mon, 7 Sep 2009 14:50:32 +0100
From: Sam Tolu Koyejo <[email protected]>
Subject: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252

Hello friends!

This is introducing our new FREE ROAMING DUAL IMSI SIM CARD.
YOU CAN NOW ENJOY FREE INTERNATIONAL ROAMING IN THE USA (United States of America) AND 200 OTHER COUNTRIES:

FREE INTERNATIONAL ROAMING COUNTRIES:
Albania, Algeria, Angola, Australia, Austria, Bahrain, Bolivia, Bosnia and Herzegovina, Brunei Darussalam, Burundi, Chad, Costa Rica, Croatia, Cyprus, Egypt, Estonia, Finland, France, Georgia, Germany, Greece, Guatemala, Hungary, Iran, Iraq, Ireland, Israel, Italy, Japan, Jordan, Kenya, South Korea, Latvia, Lebanon, Lithuania, Luxembourg, Malawi, Malta, Mongolia, Montserrat, Netherlands, Nigeria, Norway, Poland, Portugal, Puerto Rico, Reunion Islands, Russian Federation, Rwanda, Saudi Arabia, Slovakia, South Africa, Spain, Sweden, Syria, Tanzania, Trinidad, Tobago, Turkey, Turkmenistan, Uganda, United Kingdom, United States, US Virgin Islands, Venezuela, Viet Nam, Yemen, Zambia.

IT'S A FAST SELLING SIM CARD. THOUSANDS HAVE ALREADY BEEN SOLD. LIMITED STOCK AVAILABLE. HURRY!

SERIOUS ORDERS ONLY (Wholesalers): +44 792 42 99939

All the best
Sam

------------------------------

Message: 5
Date: Mon, 7 Sep 2009 15:04:46 +0100
From: "Magnus Kelly" <[email protected]>
Subject: Re: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: "Commercial and Business-Oriented Asterisk Discussion" <[email protected]>
Message-ID: <1d72026b146fc94890527f4d175634c85f3...@heartbeat.headquarters.mapesbury.com>
Content-Type: text/plain; charset="us-ascii"

And the connection to asterisk is?

> -----Original Message-----
> From: [email protected] [mailto:asterisk-biz-
> [email protected]] On Behalf Of Sam Tolu Koyejo
> Sent: 07 September 2009 14:51
> To: [email protected]
> Subject: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
>
> Hello friends!
>
>
> This is introducing our new FREE ROAMING DUAL IMSI SIM CARD.
> YOU CAN NOW ENJOY FREE INTERNATIONAL ROAMING IN THE USA (United States
> of America) AND 200 OTHER COUNTRIES:

------------------------------

Message: 6
Date: Mon, 7 Sep 2009 11:02:13 -0500
From: Martin <[email protected]>
Subject: Re: [asterisk-biz] FREE ROAMING DUAL IMSI SIM CARD
To: Commercial and Business-Oriented Asterisk Discussion <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Sep 7, 2009 at 9:04 AM, Magnus Kelly<[email protected]> wrote:
> And the connection to asterisk is?

You can call your Asterisk with it ... Go through IVRs etc :)

Martin

------------------------------

End of asterisk-biz Digest, Vol 62, Issue 14
********************************************
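
Added example (not code from any list member or from the Asterisk project): a small Python audit of a chan_sip-style sip.conf for the three weaknesses raised in the hacked-extension thread and in Message 3, namely a secret equal to the extension, numeric-only extension names, and peers with no deny/permit ACL. The sample config, the 12-character threshold and the 203.0.113.0/24 customer range are assumptions made for illustration.

```python
# Constructed sample in chan_sip sip.conf style; every name, secret and the
# 203.0.113.0/24 "customer" range is made up for this example.
SAMPLE_SIP_CONF = """
[14035550100]
type=friend
secret=14035550100

[101]
type=friend
secret=Vq8rT2mLx9Zd
deny=0.0.0.0/0.0.0.0
permit=203.0.113.0/255.255.255.0

[z102]
type=friend
secret=Kp7wMd4uYe1Q
deny=0.0.0.0/0.0.0.0
permit=203.0.113.0/255.255.255.0
"""

def parse_peers(text):
    """Map each [section] to its (key, value) pairs; repeated keys are kept."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = peers.setdefault(line[1:line.index("]")], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return peers

def audit(text, min_len=12):
    """Return {extension: [issues]} for the weaknesses raised in the thread."""
    findings = {}
    for name, opts in parse_peers(text).items():
        if name == "general":  # global settings, not a peer
            continue
        secret = next((v for k, v in opts if k == "secret"), "")
        checks = [
            (secret == name, "secret equals extension"),
            (secret != name and (len(secret) < min_len or secret.isdigit()), "weak secret"),
            (name.isdigit(), "numeric-only extension"),
            (not {"deny", "permit"} <= {k for k, _ in opts}, "no deny/permit ACL"),
        ]
        issues = [msg for failed, msg in checks if failed]
        if issues:
            findings[name] = issues
    return findings
```
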
