I’m in the learning process of getting a better handle on what is a security hack vs. what the PBX should be doing.
I get the following failed to authenticate from IP 108.171.240.58. Am I reading it right that someone from that IP is trying to log in as admin?
I guess the big question is what do I do with this information?
[2013-11-05 14:25:01] NOTICE[4191]: acl.c:748 ast_apply_acl: Manager User ACL: Rejecting '108.171.240.58' due to a failure to pass ACL '(BASELINE)'
[2013-11-05 14:25:01] NOTICE[4191]: manager.c:2584 authenticate: 108.171.240.58 failed to pass IP ACL as 'admin'
[2013-11-05 14:25:01] NOTICE[4191]: manager.c:2618 authenticate: 108.171.240.58 failed to authenticate as 'admin'
[2013-11-05 15:04:01] NOTICE[1885][C-000033c5]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1000;tag=c58ca315
[2013-11-05 15:05:00] NOTICE[4359]: manager.c:2581 authenticate: 108.171.240.58 tried to authenticate with nonexistent user 'hudpro'
[2013-11-05 15:05:00] NOTICE[4359]: manager.c:2618 authenticate: 108.171.240.58 failed to authenticate as 'hudpro'
I assume this is something coming from the PBX? When I see this username it reminds me of the old HUD server we ran 5 years ago on the old Trixbox PBX.
No voodoo or luck involved; the knuckledraggers are out there and they are a lot cleverer than you.
There are many, many posts on how to secure VoIP services in general and Asterisk in particular. Choose your recipe, but be aware that there are many areas to cover; the first one is to make sure your Asterisk is up to date and patched.
My preference is to use CSF as a firewall, a properly configured Fail2Ban as an IDS that works well with CSF, and rkhunter to protect your ass when you blew the other two.
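An added example, not part of the thread and not code from Asterisk or Fail2Ban: a small Python parser that groups the manager.c (AMI) authentication failures quoted in the question by source IP and attempted username. The regular expressions and the `summarize`/`suspects` helpers are assumptions written against the log lines in the post only; other Asterisk versions may word these messages differently.

```python
import re
from collections import defaultdict

# Log lines copied verbatim from the question above.
SAMPLE_LOG = """\
[2013-11-05 14:25:01] NOTICE[4191]: acl.c:748 ast_apply_acl: Manager User ACL: Rejecting '108.171.240.58' due to a failure to pass ACL '(BASELINE)'
[2013-11-05 14:25:01] NOTICE[4191]: manager.c:2584 authenticate: 108.171.240.58 failed to pass IP ACL as 'admin'
[2013-11-05 14:25:01] NOTICE[4191]: manager.c:2618 authenticate: 108.171.240.58 failed to authenticate as 'admin'
[2013-11-05 15:04:01] NOTICE[1885][C-000033c5]: chan_sip.c:25282 handle_request_invite: Failed to authenticate device 1000;tag=c58ca315
[2013-11-05 15:05:00] NOTICE[4359]: manager.c:2581 authenticate: 108.171.240.58 tried to authenticate with nonexistent user 'hudpro'
[2013-11-05 15:05:00] NOTICE[4359]: manager.c:2618 authenticate: 108.171.240.58 failed to authenticate as 'hudpro'
"""

# An AMI message is a NOTICE emitted from manager.c; the optional second [...] is a call id.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] NOTICE\[[^\]]+\](?:\[[^\]]+\])?: manager\.c:\d+ (?P<msg>.*)$")
# Message wordings as they appear in the post (hypothetical reason labels).
MANAGER_PATTERNS = [
    ("acl_reject", re.compile(r"authenticate: (?P<ip>\S+) failed to pass IP ACL as '(?P<user>[^']*)'")),
    ("unknown_user", re.compile(r"authenticate: (?P<ip>\S+) tried to authenticate with nonexistent user '(?P<user>[^']*)'")),
    ("auth_failed", re.compile(r"authenticate: (?P<ip>\S+) failed to authenticate as '(?P<user>[^']*)'")),
]

def summarize(log_text):
    """Group AMI login failures by source IP: usernames tried, reason counts, first/last time."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # acl.c and chan_sip lines; the chan_sip line here carries no source IP
        for reason, pat in MANAGER_PATTERNS:
            hit = pat.search(m["msg"])
            if not hit:
                continue
            entry = report.setdefault(hit["ip"], {"users": set(), "reasons": defaultdict(int),
                                                  "first": m["ts"], "last": m["ts"]})
            entry["users"].add(hit["user"])
            entry["reasons"][reason] += 1
            entry["last"] = m["ts"]
            break
    return report

def suspects(report, min_failures=2):
    """IPs with repeated failed logins or more than one username tried."""
    return sorted(ip for ip, e in report.items()
                  if e["reasons"]["auth_failed"] >= min_failures or len(e["users"]) > 1)

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, sorted(e["users"]), dict(e["reasons"]), e["first"], "->", e["last"])
```

On the lines from the post this reports a single source, 108.171.240.58, trying both 'admin' and 'hudpro' against the manager interface, with the 'admin' attempt stopped by the IP ACL.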