[Freeswitch-users] FS account got hacked **urgent**

Ken Rice krice at freeswitch.org
Mon Mar 6 17:35:00 MSK 2017


You can block such attacks with a combination of iptables (and the like) and fail2ban. FreeSWITCH itself will reject calls from such things, but the whole point of an attack like that is to find someone that has some not nice SQL handling code…

 

As far as rejecting anonymous calls, that's entirely up to your configuration in FreeSWITCH… see the config documentation for mod_sofia on https://freeswitch.org/confluence

 

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Siju Nair
Sent: Sunday, March 5, 2017 12:42 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] FS account got hacked **urgent**

 

Is there any way in FS to stop such attacks? By the way, how to reject anonymous calls in FS?

Sent from my iPhone


On 04-Mar-2017, at 2:18 AM, Ken Rice <krice at freeswitch.org> wrote:

I did lolol they didn’t answer me…

 

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Tristan Mahé
Sent: Friday, March 3, 2017 2:45 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] FS account got hacked **urgent**

 

You could maybe ping them on Twitter, they're quite active on @online_fr <https://twitter.com/online_fr>.

I got in a previous life a BGP peering established that way with them.

 

On 03/03/2017 11:47 AM, Sergey Safarov wrote:

List of AS12876 networks

$ whois -h whois.radb.net -- '-i origin AS12876' | grep 'route:'
route:          212.155.196.0/23
route:          195.154.0.0/16
route:          62.4.0.0/19
route:          212.83.128.0/19
route:          212.129.0.0/18
route:          212.83.160.0/19
route:          62.210.0.0/16
route:          212.47.224.0/19
route:          163.172.0.0/16

 

Sergey

 

Fri, 3 Mar 2017 at 22:24, Ken Rice <krice at freeswitch.org>:

Yes that AS is online.net's AS Number... I'm seriously considering
blackholing them across multiple networks...

-----Original Message-----
From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of jungle
Boogie
Sent: Friday, March 3, 2017 12:59 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] FS account got hacked **urgent**

On 3 March 2017 at 10:45, Ken Rice <krice at freeswitch.org> wrote:
> The problem with online.net isn't necessarily one of their clients,
> they tend to not respond to the reports they get via the link you
> posted nor do they respond to emails to their abuse@ email address as
> per their whois records...

I think I tried the email address once or twice until I found the form. IME,
the online customers resolve the situation and I stop seeing the attacks.

>
> I have received multiple attacks from various IPs on their network
> (the only thing in common with them is it's originating from their AS)

hmm, that AS is with online.net?

>
> I have seen these attacks across multiple networks... I wish there was
> a way we could work with them to help mitigate this but it doesn't
> seem they are interested in it
>

I wish there was something like denyhosts for sip traffic that would sync up
and download known offenders.

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
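
Added example (not part of the original thread and not FreeSWITCH code): the `route:` lines returned by the whois query quoted above, parsed, merged into a minimal prefix set and rendered as `ipset restore` input for use with iptables. The set name `as12876_block` and the function names are assumptions chosen for illustration.

```python
import ipaddress

# "route:" lines exactly as quoted in the thread above (RADB objects for AS12876).
WHOIS_SAMPLE = """\
route:          212.155.196.0/23
route:          195.154.0.0/16
route:          62.4.0.0/19
route:          212.83.128.0/19
route:          212.129.0.0/18
route:          212.83.160.0/19
route:          62.210.0.0/16
route:          212.47.224.0/19
route:          163.172.0.0/16
"""


def parse_routes(whois_text):
    """Extract IPv4 prefixes from 'route:' lines and merge adjacent/overlapping ones."""
    nets = []
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() != "route":
            continue  # ignores route6:, origin:, descr: and any other attribute
        try:
            net = ipaddress.ip_network(value.strip(), strict=True)
        except ValueError:
            continue  # malformed prefix or host bits set: skip rather than guess
        if net.version == 4:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def in_blocklist(addr, nets):
    """True if a source address (e.g. from a SIP log line) falls in any prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def ipset_restore(nets, set_name="as12876_block"):
    """Render the prefixes as input for `ipset restore` (set name is hypothetical)."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in nets]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(ipset_restore(parse_routes(WHOIS_SAMPLE)), end="")
```

Load the output with `ipset restore` and reference the set from a rule such as `iptables -I INPUT -m set --match-set as12876_block src -j DROP`. The two adjacent 212.83.x.x /19 routes merge into one /18, so nine routes become eight set entries.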

