Just to jump in on this, this just started happening to our system a couple days ago. (To the tune of 3GB of webserver access logs yesterday) Our server gives them a 403 for /yealink/ (and a 404 for everything else) - given that they're still trying to bruteforce it, it looks like I'm gonna be changing it to give them a 404. Looks like someone's making a big effort to find provisioning files though.
On Mon, Jun 17, 2019, 13:35 John Kiniston <[email protected]> wrote:

> On Sun, Jun 16, 2019 at 3:37 PM John T. Bittner <[email protected]> wrote:
>
>> Anyone know how someone can hack an asterisk box and register with every
>> single account on the box.
>>
>> This box only has 3 accounts, with very complex passwords. Have VoIP
>> blacklist setup and fail2ban…
>
> I've seen this happen when web-based provisioning is used, I have seen
> attempts to download configuration files off of my provisioning server
> increase in frequency over the last two years.
>
> The 'Hacker' will do a get on /polycom /cisco /yealink /aastra /mitel etc,
> If they get a valid response they will start enumerating mac addresses
>
> /polycom/0004F2018101.cfg
> /polycom/0004F2018102.cfg
> ...
> /polycom/0004F2018109.cfg
>
> Then they will use any credentials gained in the download attack to place
> calls, registering as needed.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
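Added example, not part of the original thread: a log check for the pattern described above (vendor-directory probes followed by MAC-address enumeration of `.cfg` files), which also lists any config that was actually served with a 200 so the credentials in it can be rotated. It assumes common/combined access-log format; the thresholds, the sample log lines and the `001565AABBCC` MAC are constructed for illustration.

```python
import re
from collections import defaultdict

# Vendor directories named in the thread above.
VENDOR_DIRS = {"polycom", "cisco", "yealink", "aastra", "mitel"}
# Common/combined log format: client IP ... "GET /path HTTP/1.1" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')
# /<vendor>/<12 hex digit MAC>.cfg, the file name pattern being enumerated
MAC_CFG_RE = re.compile(r"^/\w+/([0-9A-Fa-f]{12})\.cfg$")

def find_enumerators(lines, min_dirs=3, min_macs=5):
    """Return {ip: summary} for clients probing vendor dirs or walking MACs."""
    dirs, macs, served = defaultdict(set), defaultdict(set), defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2).split("?")[0], int(m.group(3))
        top = path.strip("/").split("/")[0].lower()
        if top not in VENDOR_DIRS:
            continue
        dirs[ip].add(top)
        cfg = MAC_CFG_RE.match(path)
        if cfg:
            macs[ip].add(cfg.group(1).upper())
            if status == 200:  # a config file was actually handed out
                served[ip].append(path)
    return {
        ip: {"vendor_dirs": sorted(dirs[ip]),
             "mac_configs_tried": len(macs[ip]),
             "served": served[ip]}
        for ip in list(dirs)
        if len(dirs[ip]) >= min_dirs or len(macs[ip]) >= min_macs
    }

def _line(ip, path, status):
    return f'{ip} - - [17/Jun/2019:13:35:00 +0000] "GET {path} HTTP/1.1" {status} 0'

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = (
    [_line("203.0.113.5", f"/{d}/", 403 if d == "yealink" else 404)
     for d in ("polycom", "cisco", "yealink")]
    + [_line("203.0.113.5", f"/polycom/0004F20181{n:02d}.cfg", 200 if n == 4 else 404)
       for n in range(1, 10)]
    + [_line("192.0.2.10", "/yealink/001565AABBCC.cfg", 200)]  # one phone, own config
)

if __name__ == "__main__":
    for ip, info in find_enumerators(SAMPLE).items():
        print(ip, info)
```

A phone fetching only its own config stays below both thresholds; any path under `served` for a flagged client means the SIP credentials in that file should be treated as exposed.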
