[asterisk-users] Hacking

Jeff LaCoursiere jeff at stratustalk.com
Tue Jun 18 09:53:33 CDT 2019


Our provisioning servers listen on a high numbered port.  We generally 
don't have any issues with scanning...

Cheers,

j

On 6/18/19 7:18 AM, John Runyon wrote:
> Just to jump in on this, this just started happening to our system a 
> couple days ago. (To the tune of 3GB of webserver access logs yesterday)
> Our server gives them a 403 for /yealink/ (and a 404 for everything 
> else) - given that they're still trying to brute-force it, it looks 
> like I'm gonna be changing it to give them a 404.
> Looks like someone's making a big effort to find provisioning files 
> though.
>
> On Mon, Jun 17, 2019, 13:35 John Kiniston <johnkiniston at gmail.com>
> wrote:
>
>     On Sun, Jun 16, 2019 at 3:37 PM John T. Bittner <john at xaccel.net>
>     wrote:
>
>         Anyone know how someone can hack an Asterisk box and register
>         with every single account on the box?
>
>         This box only has 3 accounts, with very complex passwords.
>         Have VoIP blacklist setup and fail2ban…
>
>
>     I've seen this happen when web-based provisioning is used. I have
>     seen attempts to download configuration files off of my
>     provisioning server increase in frequency over the last two years.
>
>     The 'Hacker' will do a GET on /polycom /cisco /yealink /aastra
>     /mitel etc. If they get a valid response, they will start
>     enumerating MAC addresses:
>
>     /polycom/0004F2018101.cfg
>     /polycom/0004F2018102.cfg
>     ...
>     /polycom/0004F2018109.cfg
>
>     Then they will use any credentials gained in the download attack
>     to place calls, registering as needed.
>
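
A detection sketch for the MAC-enumeration pattern described in the quoted message, added here as an example and not code from anyone in the thread: it reads web server access-log lines, flags clients that request many near-sequential MAC-named .cfg files, and lists the files that were actually served, since credentials in those should be treated as exposed. The log format, the thresholds, the IP addresses and the Yealink file name are constructed assumptions.

```python
import re
from collections import defaultdict

REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3})')
MAC_CFG = re.compile(r'^/\w+/([0-9A-Fa-f]{12})\.cfg$')

def find_mac_enumerators(log_text, min_macs=5, max_gap=16):
    """Map client IP -> summary for clients walking MAC-named config files.

    min_macs and max_gap are illustrative thresholds (assumptions): a real
    phone asks for its own MAC only, a scanner asks for many adjacent ones.
    """
    per_ip = defaultdict(lambda: {"macs": set(), "served": set()})
    for line in log_text.splitlines():
        req = REQ.match(line)
        if not req:
            continue
        ip, path, status = req.groups()
        cfg = MAC_CFG.match(path)
        if not cfg:
            continue
        mac = cfg.group(1).upper()
        per_ip[ip]["macs"].add(int(mac, 16))
        if status == "200":          # file was handed out: secrets exposed
            per_ip[ip]["served"].add(mac)
    findings = {}
    for ip, rec in per_ip.items():
        macs = sorted(rec["macs"])
        adjacent = sum(1 for a, b in zip(macs, macs[1:]) if b - a <= max_gap)
        if len(macs) >= min_macs and adjacent >= len(macs) - 2:
            findings[ip] = {"distinct_macs": len(macs),
                            "served": sorted(rec["served"])}
    return findings

def _line(ip, path, status):
    return f'{ip} - - [18/Jun/2019:09:00:00 -0500] "GET {path} HTTP/1.1" {status} 0'

# Constructed sample log (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "/polycom/", 403)]
    + [_line("203.0.113.7", f"/polycom/0004F20181{n:02d}.cfg",
             200 if n == 4 else 404) for n in range(1, 10)]
    + [_line("198.51.100.20", "/yealink/001565AABBCC.cfg", 200)] * 3
)

if __name__ == "__main__":
    for ip, info in find_mac_enumerators(SAMPLE_LOG).items():
        print(ip, info)
```

Any MAC listed under "served" identifies a phone whose SIP password needs to be rotated, regardless of whether the client is blocked afterwards.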
