Board logo

標題: Elastix hack [打印本頁]
作者: hklkf    時間: 2013-11-23 04:05     標題: Elastix hack

today check elastix logs other ip hack to my elastix

elastix hack.JPG

圖片附件: elastix hack.JPG (2013-11-23 04:05, 93.53 KB) / 下載次數 549
http://www.telecom-cafe.com/forum/attachment.php?aid=2960&k=56e5a2b005a4b5353adca9b7c5439b22&t=1714238427&sid=I6Y60z

作者: alang    時間: 2013-11-23 15:16

Don't expose any ports on your Asterisk server to the Internet.
作者: 電腦超人    時間: 2013-11-23 16:00

又是巴基斯坦那邊......

最近那邊好像有不少入侵人家的VoIP Server跡象......
我的log中有不少也是那邊的......
作者: 浮雲1965    時間: 2013-12-2 12:10

有沒有裝fail2ban?
作者: 浮雲1965    時間: 2013-12-2 12:37

我看了我的log, 是不是也是有人想試我的呢?
                
[2013-12-02 04:54:01] NOTICE[3425][C-00000e54] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=4e5bffdf
                         
[2013-12-02 04:54:04] NOTICE[3425][C-00000e55] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=b0a863cb
                         
[2013-12-02 04:54:05] NOTICE[3425][C-00000e55] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=b0a863cb
                         
[2013-12-02 04:54:07] NOTICE[3425][C-00000e56] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=9f1bc731
                         
[2013-12-02 04:54:08] NOTICE[3425][C-00000e57] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=27a3cdef
                         
[2013-12-02 04:54:11] NOTICE[3425][C-00000e58] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=c2357353
                         
[2013-12-02 04:54:12] NOTICE[3425][C-00000e59] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=7de7ca06
                         
[2013-12-02 04:54:14] NOTICE[3425][C-00000e5a] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=18821cab
                         
[2013-12-02 04:54:17] NOTICE[3425][C-00000e5b] chan_sip.c: Failed to authenticate device test<sip:test@xxx.xxx.xxx.xxx>;tag=9975c9f2

上面的ip我×掉了,它是隔一段時間就出現一堆連續的5-6次。
作者: Qnewbie    時間: 2013-12-2 17:28

回復 5# 浮雲1965


    Yes, you are on the their target list. Block it!
作者: hklkf    時間: 2013-12-2 23:37

回復 4# 浮雲1965


    how to set fail2ban???
作者: hklkf    時間: 2013-12-3 00:25

now
`i will disable elastix admin login ,if hack my admin login will show elastix nth.JPG

圖片附件: [admin login ] elastix nth.JPG (2013-12-3 00:24, 44.16 KB) / 下載次數 539
http://www.telecom-cafe.com/forum/attachment.php?aid=2994&k=7196bd2eb38c212a6f580678f70da107&t=1714238427&sid=I6Y60z

作者: 浮雲1965    時間: 2013-12-3 13:23

我目前的admin login是有set ip table的,只能固定的某ip可以登入。
這樣安全了嗎?
作者: 七彩小生    時間: 2013-12-15 17:51

唔想死的話, dont expose your http or https port to outside.
作者: hklkf    時間: 2013-12-18 19:10

i blocked  some function for elastix now is ok



歡迎光臨 電訊茶室 (http://www.telecom-cafe.com/forum/) Powered by Discuz! 7.2