[Asterisk-Users] asterisk@home scary log

Christian Moller uwv at mailsnare.net
Thu Feb 10 08:38:32 MST 2005


Hi,
I've also been a little worried about the security. How did they connect to 
your system? Through telnet or what?
Since I've disabled all such services.
Best,
Christian


----- Original Message ----- 
From: "Karl H. Putz" <kputz at columbus.rr.com>
To: "Jean-Louis curty" <jlcurty at gmail.com>; "Asterisk Users Mailing List - 
Non-Commercial Discussion" <asterisk-users at lists.digium.com>
Sent: Thursday, February 10, 2005 4:18 PM
Subject: RE: [Asterisk-Users] asterisk at home scary log


> You've likely been hacked.
>
> I have recently had a similar incident where a hacker guessed my root
> password (MY BAD) and set up an ebay password skimming site.
>
> I noticed it when I got similar non-deliverable email messages.
>
> Obviously, first change your password and then look at the /var/www/html
> directory and see if there are unwelcome pages there.  Also be sure to check
> who is logged in currently.  I caught the (*%#@ SOB logged in and bounced
> the bastard.
>
> For what it's worth, the hacker's IP address was: 81.12.141.150.
>
>
> Karl Putz
>
>>-----Original Message-----
>>From: asterisk-users-bounces at lists.digium.com
>>[mailto:asterisk-users-bounces at lists.digium.com]On Behalf Of Jean-Louis
>>curty
>>Sent: Thursday, February 10, 2005 9:10 AM
>>To: Asterisk Users Mailing List - Non-Commercial Discussion
>>Subject: [Asterisk-Users] asterisk at home scary log
>>
>>
>>Hi everybody,
>>
>>I'm testing asterisk at home 0.4,
>>looks great so far
>>
>>I was working when I was alerted by a beep coming from the * pc...
>>
>>I connected a screen to it and saw that there was a message which
>>looked like :
>>
>>
>>Message from syslogd at asterisk1 at Thu Feb 10 09:01:00 2005 ...
>>asterisk1
>>
>>
>>
>>so I stopped asterisk, typed mail and got a strange mail saying that
>>user xxxx at yahoo.com could not be reached and body was like if it was
>>the result of commands ifconfig etc
>>
>>unfortunately I don't have the message anymore but I went to the log
>>
>>and saw this
>>Feb  9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088:
>>from=<root at asterisk1.local>, size=329, class=0, nrcpts=1,
>>msgid=<200502100130.j1A1U7Q1010071 at asterisk1.local>, proto=ESMTP,
>>daemon=MTA, relay=asterisk1.local [127.0.0.1]
>>Feb  9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071:
>>to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00,
>>xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1]
>>[127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for
>>delivery)
>>Feb  9 20:30:07 asterisk1 sendmail[10077]: j1A1U7CY010077:
>>to=paym3now at gmail.com, ctladdr=root (0/0), delay=00:00:00,
>>xdelay=00:00:00, mailer=relay, pri=30068, relay=[127.0.0.1]
>>[127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7Ns010089 Message accepted for
>>delivery)
>>Feb  9 20:30:17 asterisk1 sendmail[10094]: j1A1U7Ns010089:
>>to=<paym3now at gmail.com>, ctladdr=<root at asterisk1.local> (0/0),
>>delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30348,
>>relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK
>>1107998984)
>>Feb  9 20:30:17 asterisk1 sendmail[10093]: j1A1U7mf010088:
>>to=<paym3now at gmail.com>, ctladdr=<root at asterisk1.local> (0/0),
>>delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30329,
>>relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK
>>1107998984)
>>
>>
>>the thing is I did not send any message to paym3now at gmail.com nor to
>>somebody at yahoo,
>>
>>
>>anybody got the same ? what can I do ??
>>
>>thanks
>>jl
>>_______________________________________________
>>Asterisk-Users mailing list
>>Asterisk-Users at lists.digium.com
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
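The sendmail log quoted above shows mail with ctladdr=root (0/0) first handed to the local MTA and then delivered to an external relay. As an added example (not part of the original thread), this Python script flags that pattern in a sendmail log; the sample lines, host names and addresses are constructed placeholders in the same log format.

```python
import ipaddress
import re

# Constructed sample lines in the sendmail syslog format quoted in the thread.
# Hosts and addresses are placeholders (assumptions), not values from the post.
SAMPLE_LOG = """\
Feb  9 20:30:07 pbx1 sendmail[10071]: j1A1U7Q1010071: to=drop@mail.example.net, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for delivery)
Feb  9 20:30:17 pbx1 sendmail[10093]: j1A1U7mf010088: to=<drop@mail.example.net>, ctladdr=<root@pbx1.local> (0/0), delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30329, relay=mx.example.net. [192.0.2.27], dsn=2.0.0, stat=Sent (OK 1107998984)
Feb  9 21:00:01 pbx1 sendmail[10200]: j1A200aa010200: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30500, dsn=2.0.0, stat=Sent
Feb  9 21:05:44 pbx1 sendmail[10311]: j1A25ibb010311: to=<friend@example.org>, ctladdr=<jl@pbx1.local> (500/500), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30400, relay=mx.example.org. [198.51.100.9], dsn=2.0.0, stat=Sent (OK)
"""

# "Mon DD HH:MM:SS host sendmail[pid]: queue-id: key=value, key=value, ..."
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def root_external_mail(log_text):
    """Return deliveries submitted by uid 0 that left via a non-loopback relay."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        f = dict(FIELD.findall(m["rest"]))
        # Only delivery records carry to=; ctladdr ends with "(uid/gid)".
        uid = re.search(r"\((\d+)/\d+\)\s*$", f.get("ctladdr", ""))
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]\s*$", f.get("relay", ""))
        if "to" not in f or not uid or uid.group(1) != "0" or not ip:
            continue
        if not f.get("stat", "").startswith("Sent"):
            continue
        try:
            if ipaddress.ip_address(ip.group(1)).is_loopback:
                continue  # local hand-off to the MTA, not an outbound delivery
        except ValueError:
            continue
        findings.append({"time": m["ts"], "qid": m["qid"],
                         "to": f["to"].strip("<>"), "relay_ip": ip.group(1)})
    return findings


if __name__ == "__main__":
    for hit in root_external_mail(SAMPLE_LOG):
        print("root-originated external mail:", hit)
```

On a real host, pass the function the contents of the system mail log, whose path varies by distribution. Legitimate root mail such as cron reports normally stays local, so any hit is worth correlating with login records and the web root.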



