OK, well, I've disabled SSH/HTTP already so let's hope I will have my system working!
Best and thanks,
Christian
----- Original Message -----
From: "Karl H. Putz" <[EMAIL PROTECTED]>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" <[email protected]>
Sent: Thursday, February 10, 2005 4:56 PM
Subject: RE: [Asterisk-Users] [EMAIL PROTECTED] scary log
I had the system setup to allow http and ssh.
The hack came in through ssh.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christian Moller
Sent: Thursday, February 10, 2005 10:39 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] [EMAIL PROTECTED] scary log
Hi,
I've also been a little worried about the security. How did they connect to your system? Through telnet or what? Since I've disabled all such services.
Best,
Christian
----- Original Message -----
From: "Karl H. Putz" <[EMAIL PROTECTED]>
To: "Jean-Louis curty" <[EMAIL PROTECTED]>; "Asterisk Users Mailing List - Non-Commercial Discussion" <[email protected]>
Sent: Thursday, February 10, 2005 4:18 PM
Subject: RE: [Asterisk-Users] [EMAIL PROTECTED] scary log
You've likely been hacked.
I have recently had a similar incident where a hacker guessed my root password (MY BAD) and set up an eBay password skimming site.
I noticed it when I got similar non-deliverable email messages.
Obviously, first change your password and then look at the /var/www/html directory and see if there are unwelcome pages there. Also be sure to check who is logged in currently. I caught the (*%#@ SOB logged in and bounced the bastard.
For what it's worth, the hacker's IP address was: 81.12.141.150.
Karl Putz
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jean-Louis curty
Sent: Thursday, February 10, 2005 9:10 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [Asterisk-Users] [EMAIL PROTECTED] scary log
Hi everybody,
I'm testing [EMAIL PROTECTED] 0.4, looks great so far
I was working when I was alerted by a beep coming from the * pc...
I connected a screen to it and saw that there was a message which looked like :
Message from [EMAIL PROTECTED] at Thu Feb 10 09:01:00 2005 ... asterisk1
so I stopped asterisk, typed mail and got a strange mail saying that user [EMAIL PROTECTED] could not be reached, and the body was as if it were the result of commands ifconfig etc
unfortunately I don't have the message anymore but I went to the log
and saw this
Feb 9 20:30:07 asterisk1 sendmail[10088]: j1A1U7mf010088: from=<[EMAIL PROTECTED]>, size=329, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=asterisk1.local [127.0.0.1]
Feb 9 20:30:07 asterisk1 sendmail[10071]: j1A1U7Q1010071: [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30049, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7mf010088 Message accepted for delivery)
Feb 9 20:30:07 asterisk1 sendmail[10077]: j1A1U7CY010077: [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30068, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1A1U7Ns010089 Message accepted for delivery)
Feb 9 20:30:17 asterisk1 sendmail[10094]: j1A1U7Ns010089: to=<[EMAIL PROTECTED]>, ctladdr=<[EMAIL PROTECTED]> (0/0), delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30348, relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK 1107998984)
Feb 9 20:30:17 asterisk1 sendmail[10093]: j1A1U7mf010088: to=<[EMAIL PROTECTED]>, ctladdr=<[EMAIL PROTECTED]> (0/0), delay=00:00:10, xdelay=00:00:10, mailer=esmtp, pri=30329, relay=gsmtp171.google.com. [64.233.171.27], dsn=2.0.0, stat=Sent (OK 1107998984)
the thing is I did not send any message to [EMAIL PROTECTED] nor to somebody at yahoo,
anybody got the same? what can I do??
thanks
jl
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
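A detection sketch for the pattern visible in the quoted sendmail log (mail submitted with ctladdr uid 0 and then handed to an external relay), added here as an example and not part of the original thread. The log lines, host names, addresses and queue IDs are constructed placeholders, and `root_outbound` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample in the sendmail syslog format quoted in the thread.
# Hosts, addresses and queue IDs are placeholders (example.com, 192.0.2.0/24).
SAMPLE_LOG = """\
Feb 9 20:30:07 pbx1 sendmail[101]: j1AAAA000101: from=<root@pbx1.local>, size=329, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=pbx1.local [127.0.0.1]
Feb 9 20:30:07 pbx1 sendmail[100]: j1AAAA000100: to=drop@example.com, ctladdr=root (0/0), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j1AAAA000101 Message accepted for delivery)
Feb 9 20:30:17 pbx1 sendmail[102]: j1AAAA000101: to=<drop@example.com>, ctladdr=<root@pbx1.local> (0/0), delay=00:00:10, mailer=esmtp, relay=mx.example.com. [192.0.2.27], dsn=2.0.0, stat=Sent (OK 1107998984)
Feb 9 21:00:02 pbx1 sendmail[200]: j1BBBB000200: to=<admin@example.org>, ctladdr=<voicemail@pbx1.local> (100/100), delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.40], dsn=2.0.0, stat=Sent (OK)
Feb 9 21:05:00 pbx1 sendmail[300]: j1CCCC000300: to=root, ctladdr=root (0/0), delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s(?P<qid>\w+):\s(?P<body>.*)$"
)
TO_RE = re.compile(r"^to=<?([^>,\s]+)>?")            # first recipient only
UID_RE = re.compile(r"ctladdr=\S+ \((\d+)/\d+\)")    # controlling user's uid
RELAY_RE = re.compile(r"relay=[^,]*\[([^\]]+)\]")    # last bracketed IP in relay=


def root_outbound(log_text):
    """Return (timestamp, queue_id, recipient, relay_ip) for every delivery
    submitted by uid 0 that was accepted by a non-loopback relay."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        to, uid, relay = TO_RE.search(body), UID_RE.search(body), RELAY_RE.search(body)
        if not (to and uid and relay) or uid.group(1) != "0":
            continue  # not a delivery line, or not submitted by root
        try:
            ip = ipaddress.ip_address(relay.group(1))
        except ValueError:
            continue  # relay field without a parseable address
        # The local hand-off to 127.0.0.1 is skipped; only the external hop counts.
        if "stat=Sent" in body and not ip.is_loopback:
            hits.append((m.group("ts"), m.group("qid"), to.group(1), str(ip)))
    return hits


if __name__ == "__main__":
    for hit in root_outbound(SAMPLE_LOG):
        print("root-submitted mail left the host:", *hit)
```

On a box where root never sends mail off-host, any hit is worth correlating with login records for the same time window.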
