Re: [asterisk-users] how to stop hacking of my server
2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help *CLI log:- * [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318
Re: [asterisk-users] how to stop hacking of my server
Can you give an example how to set these oprion ... On Tue, Dec 27, 2011 at 1:43 PM, Leandro Dardini ldard...@gmail.com wrote: 2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help *CLI log:- * [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for ' 62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register:
Re: [asterisk-users] how to stop hacking of my server
Yes, this is one of my entries: [trunk1] context=fromoutside type=friend deny=0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes 2011/12/27 virendra bhati virbh...@gmail.com Can you give an example how to set these oprion ... On Tue, Dec 27, 2011 at 1:43 PM, Leandro Dardini ldard...@gmail.comwrote: 2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
Le 27/12/2011 16:04, Tim Nelson a écrit : - Original Message - On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? [...] Odd nobody else mentioned it yet, so I'll do it... Check out fail2ban. [...] He said except iptables. fail2ban is iptables related ;-) -- Daniel -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
With deny you'll deny all IP with permit you'll permit only your IP. Yes, it is mandatory to define both deny and permit. Leandro 2011/12/27 virendra bhati virbh...@gmail.com okay, So it is mandatory to define both permit and deny ? if I will update like [trunk1] context=fromoutside type=friend http://0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes So will it be fine or not ? Or it will get rest information from sip.conf general section ? On Tue, Dec 27, 2011 at 2:21 PM, Leandro Dardini ldard...@gmail.comwrote: Yes, this is one of my entries: [trunk1] context=fromoutside type=friend deny=0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes 2011/12/27 virendra bhati virbh...@gmail.com Can you give an example how to set these oprion ... On Tue, Dec 27, 2011 at 1:43 PM, Leandro Dardini ldard...@gmail.comwrote: 2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
- Original Message - On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. Odd nobody else mentioned it yet, so I'll do it... Check out fail2ban. If you have peers or systems that you cannot restrict by IP and must leave relatively 'open', fail2ban will see the failed attempts, and after a configurable number of failures, will automatically add the offending IP to IPtables. See here: http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk --Tim -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
I suspect nobody responded because this topic has been discussed over and over again. Search the mailing list archives. -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Administrator TOOTAI Sent: Tuesday, December 27, 2011 11:34 AM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] how to stop hacking of my server Le 27/12/2011 16:04, Tim Nelson a écrit : - Original Message - On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? [...] Odd nobody else mentioned it yet, so I'll do it... Check out fail2ban. [...] He said except iptables. fail2ban is iptables related ;-) -- Daniel -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
Thank you Leandro, Now i am able to register with fix IP. On Tue, Dec 27, 2011 at 3:10 PM, Leandro Dardini ldard...@gmail.com wrote: With deny you'll deny all IP with permit you'll permit only your IP. Yes, it is mandatory to define both deny and permit. Leandro 2011/12/27 virendra bhati virbh...@gmail.com okay, So it is mandatory to define both permit and deny ? if I will update like [trunk1] context=fromoutside type=friend http://0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes So will it be fine or not ? Or it will get rest information from sip.conf general section ? On Tue, Dec 27, 2011 at 2:21 PM, Leandro Dardini ldard...@gmail.comwrote: Yes, this is one of my entries: [trunk1] context=fromoutside type=friend deny=0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes 2011/12/27 virendra bhati virbh...@gmail.com Can you give an example how to set these oprion ... On Tue, Dec 27, 2011 at 1:43 PM, Leandro Dardini ldard...@gmail.comwrote: 2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. Your iptables question has been answered, but I also wanted to comment on SIP account naming. Don't name them something obvious, particularly numbers, since they will be attacked constantly. Name your SIP peers something that isn't going to be in the standard attack scripts. We use letters.numbers format to name them. -- Carlos Alvarez TelEvolve 602-889-3003 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
okay, So it is mandatory to define both permit and deny ? if I will update like [trunk1] context=fromoutside type=friend http://0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes So will it be fine or not ? Or it will get rest information from sip.conf general section ? On Tue, Dec 27, 2011 at 2:21 PM, Leandro Dardini ldard...@gmail.com wrote: Yes, this is one of my entries: [trunk1] context=fromoutside type=friend deny=0.0.0.0/0.0.0.0 permit=34.2.10.24 qualify=yes 2011/12/27 virendra bhati virbh...@gmail.com Can you give an example how to set these oprion ... On Tue, Dec 27, 2011 at 1:43 PM, Leandro Dardini ldard...@gmail.comwrote: 2011/12/27 virendra bhati virbh...@gmail.com Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
Hello I use fail2ban, and works fine, Regards On Tue, Dec 27, 2011 at 1:54 AM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help *CLI log:- * [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' -
Re: [asterisk-users] how to stop hacking of my server
- Original Message - Le 27/12/2011 16:04, Tim Nelson a écrit : - Original Message - On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? [...] Odd nobody else mentioned it yet, so I'll do it... Check out fail2ban. [...] He said except iptables. fail2ban is iptables related ;-) Ahhh, yes, it would probably have helped if I read the message in it's entirety. :) --Tim -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] how to stop hacking of my server
Yes Eric, I read the archive and found that all guys was saying another open sources project for protection on server like fail2ban. But I want security at configuration level only. As *Leandro* suggest permit and deny option of Sip.conf and *Carlos* suggest the naming process. like that someone suggest that naming should be the SIP phone MAC address. All these are the best for starting security at configuration level. thanks all who posted in this thread. I will used and try Fail2ban but on another server. On Tue, Dec 27, 2011 at 11:19 PM, Tim Nelson tnel...@rockbochs.com wrote: - Original Message - Le 27/12/2011 16:04, Tim Nelson a écrit : - Original Message - On Mon, Dec 26, 2011 at 11:54 PM, virendra bhati virbh...@gmail.com wrote: Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? [...] Odd nobody else mentioned it yet, so I'll do it... Check out fail2ban. [...] He said except iptables. fail2ban is iptables related ;-) Ahhh, yes, it would probably have helped if I read the message in it's entirety. :) --Tim -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Thanks and regards Virendra Bhati +91-8885268942 Software Engineer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] how to stop hacking of my server
Hi list someone is trying to hack my server . Is there any way by whcih I can stop hacking of my server except iptables ? I want to stop on the basis of sip.conf account only. bcoz I can't apply iptables rules on server it's remote server of server provider and we used it for making voip call for customers. for the time been i have close all sip accounts. but can't stop for more then 1 days. I need your help *CLI log:- * [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:20] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21] NOTICE[1770]: chan_sip.c:22318 handle_request_register: Registration from '4411 sip:4411@204.152.194.246' failed for '62.141.54.169' - Wrong password [Dec 26 21:21:21]