[asterisk-users] Hacked

ContactTel Business lists at contacttel.com
Mon Apr 6 15:51:22 CDT 2009


ping www.songania.com
PING www.songania.com (89.248.168.176) 56(84) bytes of data.
64 bytes from 89.248.168.176: icmp_seq=1 ttl=49 time=131 ms

If you clicked on it you would of seen it shows info on the domain, that is
hosted on it.. ill bite back ;)

Then on bottom.. Owned By Al-Sharif

Al-sharif ? rings a bell.. but who knows.. iptables --block all the worls
minus what you want.. 




-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Jeff
LaCoursiere
Sent: April-06-09 4:29 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Hacked


Ok, I'll bite.  What does websiteoutlook have to do with it?

The IP mentioned is in the Netherlands:

% Information related to '89.248.168.0 - 89.248.168.255'

inetnum:        89.248.168.0 - 89.248.168.255
netname:        NL-ECATEL
descr:          AS29073, Ecatel LTD
country:        NL
admin-c:        EL25-RIPE
tech-c:         EL25-RIPE
status:         ASSIGNED PA
mnt-by:         ECATEL-MNT
mnt-lower:      ECATEL-MNT
mnt-routes:     ECATEL-MNT
source:         RIPE # Filtered

role:           Ecatel LTD
address:        Gyroscoopweg 2F
address:        1042AB Amsterdam
address:        Netherlands
abuse-mailbox:  abuse at ecatel.net
admin-c:        EL25-RIPE
tech-c:         EL25-RIPE
nic-hdl:        EL25-RIPE
source:         RIPE # Filtered

% Information related to '89.248.168.0/24as29073'

route:          89.248.168.0/24
descr:          AS29073 route object
origin:         as29073
mnt-by:         ECATEL-MNT
source:         RIPE # Filtered


j

On Mon, 6 Apr 2009, ContactTel Business wrote:

> http://www.websiteoutlook.com/www.songania.com
>
>
>
>
>
>
>
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Jeremy Mann
> Sent: April-06-09 3:55 PM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: [asterisk-users] Hacked
>
>
>
> Just FYI:
>
>
>
> IP address 89.248.168.176 has been trying to use the recently release SIP
> vulnerability in Asterisk to make outbound calls via our box.  They are
> running a bank account callback scam.
>
>
>
> Jeremy Mann
>
> Director of IT
>
> Texas Health Management Group
>
> Direct Line: 817-310-4956
>
> Main Line: 817-310-4999
>
> Helpdesk: 817-310-4999 x3
>
> Fax: 817-310-4990
>
> Email: jmann at txhmg.com
>
>
>
>
>
>  _____
>
> This e-mail, facsimile, or letter and any files or attachments transmitted
> with it contains information that is confidential and privileged. This
> information is intended only for the use of the individual(s) and
> entity(ies) to whom it is addressed. If you are the intended recipient,
> further disclosures are prohibited without proper authorization. If you
are
> not the intended recipient, any disclosure, copying, printing, or use of
> this information is strictly prohibited and possibly a violation of
federal
> or state law and regulations. If you have received this information in
> error, please notify Texas Health Management Group immediately at
> 1-817-310-4999. Texas Health Management Group, its subsidiaries, and
> affiliates hereby claim all applicable privileges related to this
> information.
>
>

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list