[Asterisk-Users] asterisk@home scary log
Steven Critchfield
critch at basesys.com
Thu Feb 10 09:47:22 MST 2005
On Thu, 2005-02-10 at 10:56 -0500, Karl H. Putz wrote:
> I had the system setup to allow http and ssh.
>
> The hack came in through ssh.
I doubt you where hacked via ssh. Most likely you had your password
brute force cracked.
> >-----Original Message-----
> >[mailto:asterisk-users-bounces at lists.digium.com]On Behalf Of Christian
> >Moller
> >Sent: Thursday, February 10, 2005 10:39 AM
> >Subject: Re: [Asterisk-Users] asterisk at home scary log
> >your system? Through telnet or what?
What moron still uses telnet these days?
> >----- Original Message -----
> >From: "Karl H. Putz" <kputz at columbus.rr.com>
> >Subject: RE: [Asterisk-Users] asterisk at home scary log
> >
> >
> >> You've likely been hacked.
> >>
> >> I have recently had a similar incident where a hacker guessed my root
> >> password (MY BAD) and set up an ebay password skimming site.
This is a good example of why ease of use is not always a good thing.
Had you actually had to learn more before you had an install, you would
have been through a text or two that mention password strengths.
And not to disparage the creator/maintainer of Asterisk at home, but you
really need to trust that your install was a little hardened before
placing it on the network.
--
Steven Critchfield <critch at basesys.com>
More information about the asterisk-users
mailing list