I had a few hacks into my Asterisk boxes over the years. I now use Fail2ban, which kicks out any hackers within a few SIP password attempts. My router is blocked against remote access and I only port forward the minimum SIP ports. I also block international calls on most trunks (using Unlimitel) except on one trunk, and give that a PIN code access only; in my trunk route I only give access to friendly international dialling codes, i.e. 01144xx.

Another possible hack uses the "S" default for incoming calls. I close this off by routing all non-identified DIDs to hang-up. If you are using the FreePBX GUI, make sure that anonymous calls are not allowed (general settings). Internal phones also allow only calls from a certain IP address and netmask. Make your SIP passwords very secure and long (you can use upper and lower case as well as !@#$%^&*()><?+ ).

There may be other things one can do; they still try to hack but usually give up after a few attempts. I usually send an email of the fail2ban log file to the hacker's IT provider; a few will reply saying they will be looking into it. These are usually ex-USSR countries, but the last hack attempt was from Gaza.
Most hackers are looking for free international calls and they can rack up $50 worth of calls in a few minutes using 4 or 5 channels at once. Again, if you are using FreePBX you can restrict the number of simultaneous outgoing calls from an extension.

If anyone has information that can improve on the above procedures, please share your information.

Henry

Henry L. Coleman

----- Forwarded Message -----
>From: StéphanMonette <[email protected]>
>To: [email protected]
>Cc: [email protected]
>Sent: Monday, January 21, 2013 3:36:49 PM
>Subject: Re: [on-asterisk] my Unlimitel SIP account is hacked again
>
>Roger,
>
>Just to make sure I didn't leave my list of userids and passwords in some file
>with Google or somewhere else, I would first log in to the web portal and
>reset my SIP and IAX passwords.
>
>I've seen a lot of people with their Hotmail, Gmail, Yahoo Mail accounts
>hacked without them knowing about it. Sometimes the hackers are getting the
>userids and passwords from the saved emails you have left in your Gmail or
>other free email services! They usually look for bank account data, but they
>would sell any good information to anyone willing to pay for it, including SIP
>account info!
>
>In the past when I was working on the Unlimitel systems, we made sure the
>usernames and passwords could not be guessed. We even stopped sending passwords
>by email! And we would still see users having their passwords stolen because
>they shared a Google Drive (Docs back then) with someone else who got their
>Google account hacked!!!!
>
>After Primus took over, they even went an extra step by blocking any IP that
>would fail to register a SIP account to stop hackers from guessing Unlimitel
>SIP passwords.
>
>The web portal is designed so that your browser does not cache any info! The
>passwords are not even listed in TEXT on the web portal to make sure customers
>with some sort of virus or malware could spy on your data! So if the hackers
>were able to make calls using your SIP credentials, this means they had the
>right data on hand and never got blocked because they never failed the SIP
>authentication.
>
>So I would suggest resetting your passwords (using the web portal) and do not
>save your password list anywhere on your computer or cloud storage services.
>
>That should stop them. If not, use a different tool or softphone!
>
>
>On 2013-01-21, at 3:20 PM, Mark Brown <[email protected]> wrote:
>
>> Roger,
>>
>> Is there a chance the phone was compromised?
>>
>> You didn't say what phone or app you were using.
>>
>> Android phones seem to have a Swiss cheese security model, and many apps are
>> not always as they seem.....
>> I'm not sure the iPhones are much better.
>> I've automatically discounted Windows phones.... :-)
>>
>> I have a remote ATA with Unlimitel, and I haven't had such a problem.... yet.
>>
>> /M
>>
>> On 1/21/2013 9:33 AM, Yajie wrote:
>>> This has been a pain in the ass. As soon as I make some international calls
>>> for several days, my account will be hacked; the hacker made a lot of calls to
>>> high-rate countries in no time and my account will be blocked by Unlimitel.
>>> This happened at least 5 times in the last two years. My friend has the same issue
>>> too. Interestingly, I didn't use Asterisk to make calls recently, but a
>>> SIP softphone on my cell phone, so there is no way a hacker can hack into my
>>> Asterisk. I know Unlimitel has much stricter password rules than any other
>>> ITSP I used, but only Unlimitel got hacked every time. Do you guys know
>>> why? Or should I really abandon Unlimitel's ship? Thanks!
>>>
>>>
>>> Roger
>>>
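An added example, not part of the thread and not Fail2ban's own code: the failed-registration counting that the messages above rely on, run over constructed chan_sip log lines. `ips_to_ban` is a hypothetical helper whose `maxretry` and `findtime` parameters borrow Fail2ban's option names; the last sample line shows the case Stéphan describes, where a client that registers successfully is never counted.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style chan_sip writes to the Asterisk log.
# All addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
[2013-01-21 09:30:01] NOTICE[2101] chan_sip.c: Registration from '"101" <sip:101@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2013-01-21 09:30:03] NOTICE[2101] chan_sip.c: Registration from '"102" <sip:102@198.51.100.10>' failed for '203.0.113.7:5071' - No matching peer found
[2013-01-21 09:30:04] NOTICE[2101] chan_sip.c: Registration from '"admin" <sip:admin@198.51.100.10>' failed for '203.0.113.7' - Wrong password
[2013-01-21 09:31:00] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44' - Wrong password
[2013-01-21 09:45:00] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@198.51.100.10>' failed for '192.0.2.44' - Wrong password
[2013-01-21 09:50:00] VERBOSE[2101] chan_sip.c:     -- Registered SIP '300' at 198.51.100.99:5060
"""

# Timestamp, then a failed registration with the source IP (port is optional).
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\].*?"
    r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - "
)


def ips_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry failed registrations inside findtime."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful registrations never reach the counter
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ip = m.group("ip")
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than the sliding window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    # 203.0.113.7 guesses three times in seconds; 192.0.2.44 fails twice,
    # 14 minutes apart; 198.51.100.99 holds valid credentials and is invisible.
    print(ips_to_ban(SAMPLE_LOG))
```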
