New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Some ONE tries to hack my asterisk voip server
asterisk14
Member
Some ONE tried to hack my asterisk voip server today, it's only been online for 4 days! They tried to call the Zionist colonialist racist apartheid state known as Israel.
Can someone help me lock down my server?
Comments
@DanielM is that you? I'm pretty sure you're either the same person or brothers. ;-)
Maybe it was these guys http://www.veteranstoday.com/2012/11/08/911-dancing-israelis-phony-lawsuit/
More importantly >> how do I lock it down. I think I opened up all the ports as I was following a guide on the internet and typed this in :-
echo "SELINUX=disabled" > /etc/selinux/config
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
/etc/init.d/iptables save
Use CSF (http://configserver.com/cp/csf.html) to configure iptables and only allow the ports you need.
@peppr - looked at the site, but since I have very little experience of linux, I don't even understand how I'm meant to run the CFS thing
What is the purpose of your asterisk server? A firewall won't help you if it's meant to be accessible from the public internet.
If it's meant to be accessible from the public internet then you'll need to enable authentication for your peers/clients/devices.
If it's not, then you can still enable authentication (good practice, but not required) and restrict the subnets from which your peers/clients/devices can access the asterisk service.
@ivanfilippov - It is a voip server, through which I route telephone calls, public access, that how I access it. I opened up all the ports so I wouldn't have any problems as they are a PITA to sort out and wanted to make sure it was all working. Now I don't know how to close the ports etc.... I followed a cut and paste guide from the internet to set it up:-1
I've set up a login and password for each phone line, but I don't understand how this guy logged in and tried to use it to phone Israhell, unless he just guessed the login, at the time it was username 101, password 101 LOL
From the log above I can't see him 'logging in'. The 101 line was online from 0813, but that was me and after that 101 is not logged in.
The don't try to hack your server.
They only to randomly use your server as a VOIP gateway.
They hope that your public extension can be used to call that number.
For all available extension, you can see in extensions.conf.
For public extension, you can see in [public] section in that file.
You don't need to login to asterisk to use public extension.