[Apr 22 16:49:29] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937258801200' rejected because extension not found.
[Apr 22 16:49:29] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '0037240888300' rejected because extension not found.
[Apr 22 16:49:30] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066310200' rejected because extension not found.
[Apr 22 16:49:30] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125230217000' rejected because extension not found.
[Apr 22 16:49:30] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937258801200' rejected because extension not found.
[Apr 22 16:49:30] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066310200' rejected because extension not found.
[Apr 22 16:49:31] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025270701400' rejected because extension not found.
[Apr 22 16:49:31] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '0037240888889' rejected because extension not found.
[Apr 22 16:49:33] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '90112525240000' rejected because extension not found.
[Apr 22 16:49:34] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937258810600' rejected because extension not found.
[Apr 22 16:49:34] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066302200' rejected because extension not found.
[Apr 22 16:49:34] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '0037240888900' rejected because extension not found.
[Apr 22 16:49:35] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '02525240700' rejected because extension not found.
[Apr 22 16:49:36] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125230217100' rejected because extension not found.
[Apr 22 16:49:36] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937259188800' rejected because extension not found.
[Apr 22 16:49:37] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066303200' rejected because extension not found.
[Apr 22 16:49:38] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '0037240990500' rejected because extension not found.
[Apr 22 16:49:39] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025230217700' rejected because extension not found.
[Apr 22 16:49:39] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066304200' rejected because extension not found.
[Apr 22 16:49:40] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '90112525240100' rejected because extension not found.
[Apr 22 16:49:40] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937258456500' rejected because extension not found.
[Apr 22 16:49:41] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '0037270179400' rejected because extension not found.
[Apr 22 16:49:41] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025240700600' rejected because extension not found.
[Apr 22 16:49:42] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066305200' rejected because extension not found.
[Apr 22 16:49:42] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125270601650' rejected because extension not found.
[Apr 22 16:49:42] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937282010500' rejected because extension not found.
[Apr 22 16:49:43] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '00881835211890' rejected because extension not found.
[Apr 22 16:49:43] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '00881835211890' rejected because extension not found.
[Apr 22 16:49:43] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025270300500' rejected because extension not found.
[Apr 22 16:49:43] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066306200' rejected because extension not found.
[Apr 22 16:49:44] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025270300500' rejected because extension not found.
[Apr 22 16:49:44] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125270701400' rejected because extension not found.
[Apr 22 16:49:44] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937257466200' rejected because extension not found.
[Apr 22 16:49:45] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066307200' rejected because extension not found.
[Apr 22 16:49:45] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025240901200' rejected because extension not found.
[Apr 22 16:49:45] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '90112525240700' rejected because extension not found.
[Apr 22 16:49:46] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8016' to extension '00881935211690' rejected because extension not found.
[Apr 22 16:49:46] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '6012' to extension '8937259995680' rejected because extension not found.
[Apr 22 16:49:46] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8011' to extension '901137066308200' rejected because extension not found.
[Apr 22 16:49:47] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8013' to extension '025240219700' rejected because extension not found.
[Apr 22 16:49:47] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125230217700' rejected because extension not found.
[Apr 22 16:49:47] NOTICE[24105]: chan_sip.c:15566 handle_request_invite: Call from '8005' to extension '901125230217700' rejected because extension not found.
Random calls
Moderators: enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, s0lid
3 posts
• Page 1 of 1
Random calls
by ejaboneta » Mon Apr 22, 2013 6:53 pm
I noticed today that while I had no agents logged in, the log was showing some activity. I don't know where these requests are coming from. How can I research what these are and where they are coming from?
- ejaboneta
- Posts: 47
- Joined: Tue Jun 29, 2010 3:34 pm
Re: Random calls
by williamconley » Mon Apr 22, 2013 7:04 pm
1) Yes, be worried.
2) Install whitelist IP tables right now and shut off your carrier until you have confirmed full lockdown.
3) Change all the passwords on your extensions NOW.
4) Change all your extensions (Admin->Phones->"Phone Extension", top field!) to have letters and numbers. Um. NOW.
5) Look at Viciwiki.com for "Dynamic Good Guys" if you installed with Vicibox.
6) Reboot after these changes, but disable your carrier NOW.
7) After you have secured your system properly, seriously consider asking for a new IP address. They will be back, regularly, to try to hack you again.
2) Install whitelist IP tables right now and shut off your carrier until you have confirmed full lockdown.
3) Change all the passwords on your extensions NOW.
4) Change all your extensions (Admin->Phones->"Phone Extension", top field!) to have letters and numbers. Um. NOW.
5) Look at Viciwiki.com for "Dynamic Good Guys" if you installed with Vicibox.
6) Reboot after these changes, but disable your carrier NOW.
7) After you have secured your system properly, seriously consider asking for a new IP address. They will be back, regularly, to try to hack you again.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20253
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
Re: Random calls
by williamconley » Mon Apr 22, 2013 7:09 pm
to be clear: You have been hacked. Someone has registered successfully to your server to make calls (or they are experimenting with guest sip account access trying to make inbound calls hoping that one of them will generate outbound ... but it is much more likely the successfully registered a phone by Guessing your Phone Extension and Registration Password).
that's stage one: stage two is to find an external path to make calls. If they succeed (find a path to a carrier ... and generate an outbound call), they will immediately place a bid on international calls through a broker and begin passing thousands of calls through your system at full capacity until you shut them off. Generally this amounts to about $1k - $2k per hour if you have good enough bandwidth.
So .. shut off your carrier now to avoid outbound calls, then lock down your system and reboot.
tools:
Show registered IP addresses (see if any don't belong to you ...):
Show network traffic (see if any of these don't belong to you as well, press N, n, p for extra content):
that's stage one: stage two is to find an external path to make calls. If they succeed (find a path to a carrier ... and generate an outbound call), they will immediately place a bid on international calls through a broker and begin passing thousands of calls through your system at full capacity until you shut them off. Generally this amounts to about $1k - $2k per hour if you have good enough bandwidth.
So .. shut off your carrier now to avoid outbound calls, then lock down your system and reboot.
tools:
Show registered IP addresses (see if any don't belong to you ...):
- Code: Select all
asterisk -rx "sip show peers"
Show network traffic (see if any of these don't belong to you as well, press N, n, p for extra content):
- Code: Select all
iftop
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20253
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
3 posts
• Page 1 of 1
Return to ViciDialNow - GoAutoDial
Who is online
Users browsing this forum: No registered users and 67 guests