[Asterisk-Users] asterisk@home scary log

Karl H. Putz kputz at columbus.rr.com
Thu Feb 10 09:17:20 MST 2005



>-----Original Message-----
>From: asterisk-users-bounces at lists.digium.com
>[mailto:asterisk-users-bounces at lists.digium.com]On Behalf Of Steven
>Critchfield
>Sent: Thursday, February 10, 2005 11:47 AM
>To: Asterisk Users Mailing List - Non-Commercial Discussion
>Subject: RE: [Asterisk-Users] asterisk at home scary log
>
>
>On Thu, 2005-02-10 at 10:56 -0500, Karl H. Putz wrote:
>> I had the system setup to allow http and ssh.
>>
>> The hack came in through ssh.
>
>I doubt you where hacked via ssh. Most likely you had your password
>brute force cracked.

That is what I meant to report to the list.  SSH was simply the transport
mechanism.


Karl

>
>> >-----Original Message-----
>> >[mailto:asterisk-users-bounces at lists.digium.com]On Behalf Of Christian
>> >Moller
>> >Sent: Thursday, February 10, 2005 10:39 AM
>> >Subject: Re: [Asterisk-Users] asterisk at home scary log
>> >your system? Through telnet or what?
>
>What moron still uses telnet these days?
>
>> >----- Original Message -----
>> >From: "Karl H. Putz" <kputz at columbus.rr.com>
>> >Subject: RE: [Asterisk-Users] asterisk at home scary log
>> >
>> >
>> >> You've likely been hacked.
>> >>
>> >> I have recently had a similar incident where a hacker guessed my root
>> >> password (MY BAD) and set up an ebay password skimming site.
>
>This is a good example of why ease of use is not always a good thing.
>Had you actually had to learn more before you had an install, you would
>have been through a text or two that mention password strengths.
>
>And not to disparage the creator/maintainer of Asterisk at home, but you
>really need to trust that your install was a little hardened before
>placing it on the network.
>--
>Steven Critchfield <critch at basesys.com>
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>





More information about the asterisk-users mailing list