On Wed, 2010-02-24 at 11:12 -0500, Robert Joly wrote:
> > Hi again. Yesterday we changed the password for this user
> > that was compromised, but last nigh around 1 o'clock i see
> > that there were another tries to call through our system.
> > Something is really going wrong. As Tony explained
Thanks a lot. Your explanation make me to feel happy now :) It is know
clear to me whole scene.
Thanks again!
On Wed, 2010-02-24 at 11:12 -0500, Robert Joly wrote:
> > Hi again. Yesterday we changed the password for this user
> > that was compromised, but last nigh around 1 o'clock i see
> > t
> Hi again. Yesterday we changed the password for this user
> that was compromised, but last nigh around 1 o'clock i see
> that there were another tries to call through our system.
> Something is really going wrong. As Tony explained this looks
> like something related with sipxproxy. The only
Thanks for reply and good explanation.
On Tue, 2010-02-23 at 05:07 -0500, Tony Graziano wrote:
> that looks like a proxy log. the call is being initiated from a user
> line, but the user is "xxx'd" out by you.
>
>
> Since the call is using TCP, my guess is that it is a remote user or a
> user wi
that looks like a proxy log. the call is being initiated from a user line,
but the user is "xxx'd" out by you.
Since the call is using TCP, my guess is that it is a remote user or a user
with softphone, and the user has been hacked.
Since the user has to pass through the proxy credentials in orde
Hi again. We have installed sipxecs-4.0.4-017289 on Centos 5.
This morning i saw a very strange records in my sipregister logs.
It looks that somebody is trying (or it registered successfully)
register and make calls through our system with one of our extension.
I checked on Call Details Records