Sorry to hear this... A few notes from the voice of experience: Probable cause: hacked SIP password from an unauthorized IP address. problem could be an overly simplistic or nonexistent SIP secret. look at your logs and see what the source channel(s) are/is and shut that channel or channels down by changing the SIP password. There are probably more than a single IP address doing it, so IP blacklisting may not work... Instead can you whitelist legit addresses and shut out the remainders ?
Longer term: - go to IP authentication if possible. - run a cron job every hour making sure that passwords are not missing or too simple. Ron On 7/16/2012 8:59 AM, Tom Chadwin wrote: > Hello all > > It's finally happened, and our Astlinux box has been compromised, with many > premium/unauthorized calls being made. Would someone be willing to help out > diagnose what happened and rectify the vulnerability? Obviously, this can be > paid work. If anyone is interested, and can get back to me with a quote, I'd > very extremely grateful. > > Thanks > > Tom > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
