Hey guys, I've been running asterisk on my server for some time now (currently running Asterisk 1.6.2.0). I am having security issues with my SIP accounts. Unauthorized people have been able to access the server (bots) and they have been able to make calls (in today's case to Cuba).
Here's a copy (slightly modified) of my sip.conf: [general] context=default ; Default context for incoming calls videosupport=yes rtcachefriends=yes autocreatepeer=no t38pt_udptl=yes allowoverlap=no udpbindaddr=0.0.0.0 srvlookup=yes ;pedantic=yes disallow=all allow=alaw allow=ulaw allow=speex [1001] type=friend username=1001 secret=blah subscribecontext=default regexten=1001 callerid="blah" <XXXXXXXXXX> host=dynamic nat=yes canreinvite=no mailbox=1...@default registertrying=yes [testuser] type=friend secret=blah callerid="blah" <XXXXXXXXX> host=dynamic nat=yes qualify=yes allowsubscribe=yes canreinvite=no context=default [testuser2] type=friend username=testuser2 secret= callerid="blah" <blah> host=dynamic nat=yes qualify=yes allowsubscribe=yes canreinvite=no context=default Someone is able to connect to my server and make a call since they can access the default context. What should I do? Thanks guys! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
