
Someone making outbound calls with my server?

Posted: Sun Mar 01, 2015 6:25 am
by Mastacalus
So I've run into a problem recently where extensions that I know are in use and show they are logged in from my IP are making massive outbound calls. I was hoping someone could help me out with this and explain what could be happening... I know there are hackers out there who love to get a hold of machines and place outbound calls to overseas because for my server it's a long distance or even local call whereas to them it would be international, but nobody wants them getting in and using their stuff. So here is the message I am getting -

[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:1] AGI("SIP/206.225.94.190-000071db", "agi-DID_route.agi") in new stack
[Mar 1 06:09:18] -- Launched AGI Script /usr/share/asterisk/agi-bin/agi-DID_route.agi
[Mar 1 06:09:18] -- <SIP/206.225.94.190-000071db>AGI Script agi-DID_route.agi completed, returning 0
[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:2] Hangup("SIP/206.225.94.190-000071db", "") in new stack
[Mar 1 06:09:18] == Spawn extension (trunkinbound, 555900972595078311, 2) exited non-zero on 'SIP/206.225.94.190-000071db'
[Mar 1 06:09:18] -- Executing [h@trunkinbound:1] AGI("SIP/206.225.94.190-000071db", "agi://127.0.0.1:4577/call_log--HVcauses--PRI-----NODEBUG-----16---------------") in new stack
[Mar 1 06:09:18] -- <SIP/206.225.94.190-000071db>AGI Script agi://127.0.0.1:4577/call_log--HVcauses ... ---------- completed, returning 0

This is after I have removed the phone extensions that were making the outbound calls.

With this being said, I have Asterisk 1.8.32.0-vici built by abuild @ build32 on a x86_64 running Linux (Vicibox Install)

I'm not sure how to stop it dialing like this...

Re: Someone making outbound calls with my server?

Posted: Mon Mar 02, 2015 4:28 pm
by chasejordan1
It looks like it is an inbound call not outbound. (trunk inbound)

Re: Someone making outbound calls with my server?

Posted: Wed Mar 04, 2015 2:40 am
by darkeye08
Hi, good day!

The logs you sent show calls coming from trunkinbound, which is an inbound call; the outbound call usually goes to the default context. Just want to ask if this happens every time an agent is logged in, or if this happens even when no one is using the server? If it is the latter, you can check the list enabled in the system, as there might be uploaded test leads.

Hope this helps. Cheers! :)
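
Added example, not part of the original thread or of ViciDial/Asterisk: a small Python triage script that reads "Executing [exten@context:priority]" lines like the ones quoted above, counts calls per dialplan context and SIP peer, and lists peers reaching trunkinbound that are not on a carrier allowlist. The function names, the allowlist and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in the thread;
# the addresses are documentation ranges, not values from the page.
SAMPLE_LOG = """\
[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:1] AGI("SIP/192.0.2.10-000071db", "agi-DID_route.agi") in new stack
[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:2] Hangup("SIP/192.0.2.10-000071db", "") in new stack
[Mar 1 06:09:18] -- Executing [h@trunkinbound:1] AGI("SIP/192.0.2.10-000071db", "agi://127.0.0.1:4577/call_log") in new stack
[Mar 1 06:10:02] -- Executing [9011442075550100@default:1] Dial("SIP/101-000071dc", "SIP/carrier/011442075550100") in new stack
[Mar 1 06:10:40] -- Executing [555900972595078312@trunkinbound:1] AGI("SIP/198.51.100.7-000071dd", "agi-DID_route.agi") in new stack
"""

# Matches: Executing [exten@context:prio] App("TECH/peer-uniqueid", ...
EXEC_RE = re.compile(
    r'Executing \[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):\d+\] '
    r'\w+\("(?P<tech>\w+)/(?P<peer>.+?)-(?P<uid>[0-9a-f]{8})"'
)

def parse_calls(log_text):
    """Return one record per channel, taken from its first dialplan step."""
    calls = {}
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if not m or m["exten"] == "h":  # 'h' is the hangup handler, not a dialed number
            continue
        channel = f'{m["tech"]}/{m["peer"]}-{m["uid"]}'
        calls.setdefault(channel, {"peer": m["peer"], "context": m["context"],
                                   "exten": m["exten"]})
    return list(calls.values())

def summarize(calls):
    """Count calls per (context, peer) so inbound and other traffic are separated."""
    return Counter((c["context"], c["peer"]) for c in calls)

def unknown_inbound_peers(calls, known_peers, inbound_context="trunkinbound"):
    """Peers that hit the inbound context but are not on the carrier allowlist."""
    return sorted({c["peer"] for c in calls
                   if c["context"] == inbound_context and c["peer"] not in known_peers})

if __name__ == "__main__":
    calls = parse_calls(SAMPLE_LOG)
    for (context, peer), n in sorted(summarize(calls).items()):
        print(f"{context:14} {peer:16} {n}")
    # Hypothetical allowlist: the addresses your carrier actually sends calls from.
    print("not on allowlist:", unknown_inbound_peers(calls, {"192.0.2.10"}))
```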