Is my server hacked?

i am using the firewall of freepbx, is there anything that i can do to block those scans inside of the freepbx ?

You would have to ask the publisher, it is effectively closed source.

But you can effectively make them disappear by changing your behavior :wink:

1 Like

The IP addresses weren’t compromised, servers where. Botnets are devices that are compromised. The IP could change every two hours and the device is still part of that botnet.

So as I asked before, are they installing SIP clients on these Exchange servers? How would a compromised Exchange server be able to do a SIP attack/probe on a SIP server? I am asking real questions here. If you can provide a plausible answer to them, Im listening.

You realize that is a troll account right? The name alone is a community violation.

I’ve reported it before, but no action has ever been taken.

1 Like

Yes. Put your PBX behind a NAT Router, and don’t forward any ports. Make sure that your trunks register or send qualify packets. It’s fairly easy.

See this article for more details:

http://nerdvittles.com/avoiding-the-100000-phone-bill-a-primer-on-asterisk-security/

Yup. Wanted to see the troll dance.

1 Like

Do you guys think there will be any issue or slow down the server if i allow only the country that i work with and deny every other country, i am thinking to add like 2000 - 3000 of ip cidr in the iptable. Thanks

I suggest yOu use ipset and geoip.

(But nowadays with cheap virtualization, the ‘country’ really doesn’t help identify the sender)

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.