Thanks Gordon for your suggestions and advice. I changed the passwords the same day, and was monitoring my system very closely. I also use a non-standard port for SSH, and also plan to move my SIP port to a non-standard one too in future. At this time things are ok, but I know that this problem is growing very fast, and hackers are after VoIP servers because they can do so much with them. I had to present a seminar a few weeks ago on VoIP Security Threats, and while doing my own research, I was shocked to know how hackers are misusing VoIP technology. We definitely need to come up with some really good and effective solutions against these threats.
--
Zeeshan A Zakaria

On Tue, Mar 24, 2009 at 2:01 PM, Roderick A. Anderson <raand...@cyber-office.net> wrote:

> Wilton Helm wrote:
> > If life were only that simple. A lot of hacking passes through
> > unsuspecting intermediary computers, precisely to hide their tracks, not
> > to mention IP spoofing. People have offered for sale access to 10,000
> > computers to use for propagating mischief. That's a lot of IPs to block!
> >
> > I got hacked about six months ago. They came in through SSH and figured
> > out root's password, which was a concatenation of two English words. I
> > presume they did a dictionary search.
>
> I used to get hit very hard with these types of attacks (hundreds to
> thousands per day) on 25-30 servers until I added some iptables rules to
> REJECT the offending IP for 5 minutes after three unsuccessful attempts
> in 60 seconds. The attacks typically have dropped to less than five per
> day.
>
> This means those that need access don't need to make _odd_ changes to
> standard programs' settings and the rules do allow a whitelisting of
> specific IPs.
>
>
> \\||/
> Rod
> --
> > Then they changed the password,
> > replaced some key files and launched a denial of service attack against
> > somebody (including compiling the program on my machine)!
> >
> > I traced the IP address to a Comcast customer in Indiana or something
> > and notified Comcast, but haven't heard anything. Probably their
> > customer never even knew it happened--it was probably a hijacked situation.
> >
> > Prior to that I had been logging hundreds of robotic attacks a day that
> > were unsuccessful!
> >
> > I re-installed everything and changed my SSH to a non-standard port and
> > used a more robust password. I haven't had a single hack attempt the
> > four months since. For my purposes, I don't really need SSH on a
> > standard port. That made all the difference in the world.
> >
> > Two areas that have had large hacker presences in the past: Russia and
> > China. A lot of E-Mail spam originates in those two areas, also. I've
> > considered blocking the entire host domain for any provider generating
> > spam from those regions, as I have no legitimate business need to
> > correspond with people in those regions in general. However, I suspect
> > it might block messages from a few users on this list, and I know it
> > would block at least one user from another list I am on.
> >
> > Wilton
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
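The throttle Rod describes in the quoted reply (REJECT a source for 5 minutes after three attempts in 60 seconds, with whitelisted IPs), as an added sketch that is not Rod's actual rule set and not part of the original thread. It assumes the iptables `recent` match and counts new TCP connections, since iptables cannot see whether a login failed; the chain and list names (SSH_GUARD, SSH_BLOCK, ssh_try, ssh_block) are hypothetical, and the function prints the commands for review instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: print iptables commands that throttle
# new SSH connections per source IP with the "recent" match.
# Chain/list names (SSH_GUARD, SSH_BLOCK, ssh_try, ssh_block) are hypothetical.
# Usage: ssh_throttle_rules PORT [WHITELISTED_IP ...]
# Review the output, then feed it to a root shell to load the rules.
ssh_throttle_rules() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "usage: ssh_throttle_rules PORT [IP ...]" >&2
                     return 1 ;;
    esac
    shift
    cat <<EOF
iptables -N SSH_GUARD
iptables -N SSH_BLOCK
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j SSH_GUARD
EOF
    # Whitelisted sources are accepted before any counting happens.
    for ip in "$@"; do
        echo "iptables -A SSH_GUARD -s $ip -j ACCEPT"
    done
    # 1. A source blocked within the last 300 s stays rejected (rcheck does
    #    not refresh the timestamp, so the block expires on its own).
    # 2. Record this connection attempt in ssh_try.
    # 3. A 4th attempt inside 60 s (three were let through) goes to SSH_BLOCK.
    # 4. Everything else is accepted.
    # SSH_BLOCK puts the source on the block list and rejects the connection.
    cat <<EOF
iptables -A SSH_GUARD -p tcp -m recent --name ssh_block --rcheck --seconds 300 -j REJECT --reject-with tcp-reset
iptables -A SSH_GUARD -m recent --name ssh_try --set
iptables -A SSH_GUARD -m recent --name ssh_try --rcheck --seconds 60 --hitcount 4 -j SSH_BLOCK
iptables -A SSH_GUARD -j ACCEPT
iptables -A SSH_BLOCK -p tcp -m recent --name ssh_block --set -j REJECT --reject-with tcp-reset
EOF
}

# Constructed sample call: SSH on port 22, one documentation-range address
# (192.0.2.10) standing in for an administrator's whitelisted IP.
ssh_throttle_rules 22 192.0.2.10
```

Because the counter sees connections and not login results, a legitimate user who opens more than three sessions within a minute is blocked as well unless the source address is whitelisted.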