[asterisk-users] Is there a public blacklist of hackers' IP addresses?

Zeeshan Zakaria zishanov at gmail.com
Tue Mar 24 06:06:08 CDT 2009


I am not really sure, but apparently they guessed a SIP username/password.
But what I don't understand is that even though I deleted that extension
altogether, 'sip show peers' still showed that extension. Then I figured out
an easy-to-guess manager user and password, which I also deleted. I think it
all started from the manager user/password and they created an extension on
the server which 'sip show peers' would show as offline but would be making
calls successfully.

The IPs I had to block so far are:

213.136.96.104
88.151.100.167
85.17.141.101
212.34.138.12

On Tue, Mar 24, 2009 at 5:55 AM, Gordon Henderson <gordon+asterisk at drogon.net> wrote:

> On Mon, 23 Mar 2009, Zeeshan Zakaria wrote:
>
> > Hi,
> >
> > In the last week I have seen two servers of our organization successfully
> > hacked and some others under attack from some other IP addresses. We would
> > block one IP address on our firewall and after a few hours, they would
> > start getting hits from another IP address. When I checked them on
> > whois.net, they all were from Amsterdam. Surprisingly, I once had a similar
> > attack in the past and it was also from an Amsterdam IP address. And they
> > all belong to the same organization.
> >
> > Seems like somebody in Amsterdam is really active in trying to hack
> > asterisk servers around the world.
>
> Are you willing to share details of the hack? Eg. Did they gain root
> access to the server? Did they exploit a bug in the web server to run
> code? Did they guess SIP username/password combinations? Or something
> else?
>
> Gordon



-- 
Zeeshan A Zakaria