Today I was hacked but caught it very quickly. This is the weird part, they hacked an IP Auth based account by simply knowing the account name.
How is this possible? I am running Asterisk 11.5.0. Now it's my fault I used a dictionary based account name but how did they bypass the set ip I had under the account for this host. This also happened with fail2ban running and I pay for Humbug . Nothing caught it. Its just chance that I happen to be in the CLI and noticed it. In a span of 30 minutes they had made over $200 worth of calls all to the same number . Anyone have any idea on this and any ideas on preventing this. John Bittner CTO [cid:image003.png@01CECB8D.765B3840] 380 US Highway 46, Suite 500 Totowa, NJ 07512 Phone: 201.806.2602 x2405 Fax: 201.806.2604 Cell: 973.390.1090 www.xaccel.net<http://www.xaccel.net/> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information which should not be shared or forwarded. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the e-mail.
<<inline: image003.png>>
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users