–_000_EFCDF2C6785A7B478B3A77A6E7C36369022F3B37E6mailxaccelnet_
Content-Type: text/plain; charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable

Anyone know how someone can hack an asterisk box and register with every single account on the box. This box only has 3 accounts, with very complex passwords. Have VoIP blacklist setup and fail2ban…

The hackers were able to make 2 calls to Cuba before my alerting system texted me.

I am running asterisk 16.3 with PJSIP.

This is my only box open to the outside world, a requirement for this one customer. Looked into my logs… can’t find anything out of the ordinary.

Any ideas ?

Contact:
==========================================================================================

Contact: 12120001001/sip:12120001001@5.79.64.23:9227 ee80678930 NonQual nan
Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan
Contact: 848842405/sip: 848842405@5.79.64.23:9227 031ed703ba NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227 959fc8fbf4 NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9227 959fc8fbf4 NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228 d7bf838918 NonQual nan
Contact: ghbhhm0000/sip:ghbhhm0000@5.79.64.23:9228 d7bf838918 NonQual nan

Any helps is much appreciated.

John Bittner CTO
[xaccellogoemail]
380 US Highway 46, Suite 500
Totowa, NJ 07512
Phone: 201.806.2602 x2405
Fax: 201.806.2604
Cell: 973.390.1090
www.xaccel.net

CONFIDENTIALITY NOTICE:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information which should not be shared or forwarded. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the e-mail.

–_000_EFCDF2C6785A7B478B3A77A6E7C36369022F3B37E6mailxaccelnet_
Content-Type: text/html; charset=”us-ascii”
Content-Transfer-Encoding: quoted-printable