Hey,
This morning, I received a mail from my SIP provider with a bill of about 300 euros.
Seems that my server is making a lot of calls towards Sierra Leone. Of course, I don't know anybody over there (I'm from Belgium).
When I check my call records in LinuxMCE, I see a lot of calls of about 12 seconds.
Any idea how I can solve this?
For the moment, I've just killed the whole server. :$
Hey,
Use fail2ban:
http://wiki.linuxmce.org/index.php/Fail2ban_-_A_tool_against_brute_force
Ahhh, fail2ban is already installed on it, but not activated for Asterisk...
Will have a look at it this evening. Since I killed the server, it's a bit hard to reach. ;)
Thanks already!
fail2ban sucks for Asterisk.
Use a firewall, it's better.
koffel (darkwizard), fail2ban is designed for this exact purpose and it works very well when configured properly.
J.
phenigma, I would agree, but I had it correctly installed... but fail2ban depends on iptables working correctly. I did see when I had fail2ban installed that there were more attempts on Asterisk than without it.
A personal option for you, brononius, is to use an ext. firewall. You'd be better off.
brononius,
I had people trying to hack my Asterisk as well. So far, they did not succeed.
Question: Did you manually configure any SIP accounts that have dial-out abilities? All the auto-installed users in the system have a password that is not easily hacked without a LOT of tries. What I have found out so far is that they mainly try the default things, i.e. 2-4 digit phone numbers where the password equals the phone number.
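
One way to check for the weak accounts described in the last post, as an added example that is not part of the original thread: a small audit that flags SIP accounts whose secret is missing, equals the account name, or is a short digit string. It assumes the accounts are defined in a chan_sip style `sip.conf`; the sample config, the `audit_sip_conf` name and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample in chan_sip sip.conf style; not taken from a real system.
SAMPLE_SIP_CONF = """\
[general]
context=default
[200]
secret=200        ; password equals the extension
[201]
secret=4821
[202]
host=dynamic
[203]
secret=pW7-rk2Lq9xTzeD4
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
OPTION = re.compile(r"^(\w+)\s*=>?\s*(.*)$")

def audit_sip_conf(text, min_len=12):
    """Return {account: [issues]} for accounts with missing or guessable secrets."""
    accounts, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: no escaped "\;" support
        if not line:
            continue
        if m := SECTION.match(line):
            current = m.group(1)
            if current != "general":
                accounts[current] = {}
        elif (m := OPTION.match(line)) and current in accounts:
            accounts[current][m.group(1).lower()] = m.group(2).strip()
    findings = {}
    for name, opts in accounts.items():
        secret, issues = opts.get("secret"), []
        if not secret:
            issues.append("no secret set")
        else:
            if secret in (name, opts.get("username")):
                issues.append("secret equals account name")
            if secret.isdigit():
                issues.append("secret is digits only")
            if len(secret) < min_len:  # min_len is an assumed policy value
                issues.append(f"secret shorter than {min_len} characters")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit_sip_conf(SAMPLE_SIP_CONF).items():
        print(account, "->", "; ".join(issues))
```

Any account this reports that also has dial-out abilities is the first place to change the secret before bringing the server back online.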