If you are using FreePBX you should make sure that under the general settings the "Allow Anonymous Inbound SIP Calls?" is set to NO. Also change all the passwords/secrets on SIP phones to at least an 8 char password. Use upper case, lower case, numbers and letters. Extensions on a LAN should be set to NAT = No at the phone and within FreePBX/Asterisk. Lastly, install Fail2ban after beefing up the Linux root password. If you don't need to access the GUI remotely then disable it (port 80). You can also disable the ports associated with FTP/SFTP, webmin, etc. Good luck... I know how it feels.
H

On Mon, Aug 23, 2010 at 7:28 PM, Jason Rose <[email protected]> wrote:

> Hey all,
>
> I was just hacked, and I cannot tell from where! I am looking thru logs and I
> see that calls were made (I caught it early so there weren't many) but I cannot
> see from which profile in my users.conf they were made from.
>
> The callerid on the outbound calls was "new user" <905731xxxx> which is my
> outgoing CID with a different name... Every time the channel name was
> SIP/s-b538c888 and it looks like he was dialing direct from "dialplan" - my main
> everyone context.
>
> When I found it he was sequential dialing 15754941xxx #s and I re-routed a call
> to my desk and it was a phishing scam for chemo federal credit union.
>
> What can I do to gather more data on this and keep people out for good?
>
> Thanks,
> Jason

--
*Henry L. Coleman*
*http://dragnetics.com*
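An added example, not part of the thread and not FreePBX or Asterisk code: a small audit of chan_sip style configuration text against the password rule in the reply above. The sample configuration is constructed, and checking the `allowguest` option as the raw-config counterpart of the anonymous-call setting is an assumption.

```python
import re

# Constructed sample in Asterisk sip.conf syntax (not taken from the thread).
SAMPLE_CONF = """\
[general]
allowguest=yes     ; unauthenticated callers reach the default context
context=dialplan
[101]
secret=101
[102]
secret=Tr7kPq9xLm  ; constructed value
nat=no
[103]
context=dialplan
"""

def parse_conf(text):
    """Return {section: {key: value}} for Asterisk-style config text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # also handles 'key => value'
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def weak_secret(secret):
    """Rule from the reply: at least 8 chars with upper, lower and digits."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]")
    return len(secret) < 8 or not all(re.search(c, secret) for c in classes)

def audit(text):
    """Return sorted (section, finding) tuples for the checks above."""
    findings = []
    for name, opts in parse_conf(text).items():
        if name == "general":
            # chan_sip defaults allowguest to yes when the line is absent.
            if opts.get("allowguest", "yes").lower() != "no":
                findings.append((name, "allowguest is not 'no'"))
        elif "secret" not in opts:
            findings.append((name, "no secret set"))
        elif weak_secret(opts["secret"]):
            findings.append((name, "weak secret"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"{section}: {finding}")
```

To audit a real system, pass the contents of its SIP configuration file to `audit()` instead of `SAMPLE_CONF`.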
