<div>Dear all,</div><div><br></div><div>Recently, my FS server are often slowed down at midnight, and system logged a lot of these lines below:</div><div><br></div>2011-01-03 04:13:07.494973 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:5843@90.192.85.12">5843@90.192.85.12</a>] from ip 184.106.178.189<div>
<br><div><div>2011-01-03 04:11:41.344034 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div>
<div>2011-01-03 04:11:41.503079 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div><div>
2011-01-03 04:11:41.671564 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div><div>2011-01-03 04:11:41.828182 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div>
<div>2011-01-03 04:11:41.998964 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div><div>
2011-01-03 04:11:42.145093 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div><div>2011-01-03 04:11:42.291273 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div>
<div>2011-01-03 04:11:42.448811 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div><div>
2011-01-03 04:11:42.605709 [WARNING] sofia_reg.c:1203 SIP auth challenge (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@90.192.85.12">music@90.192.85.12</a>] from ip 184.106.178.189</div></div><div>
<br></div><div>I installed fail2ban, but it does not seem to work. After reading these lines, I found this to be a successful REGISTER instead of a failure. </div><div>But I do not have 5843 or music in my directory, and myself can not login to music account, it generate the following error log:</div>
<div><br></div><div>2011-01-03 15:19:32.360152 [WARNING] sofia_reg.c:1161 SIP auth failure (REGISTER) on sofia profile 'internal' for [<a href="mailto:music@192.168.0.3">music@192.168.0.3</a>] from ip 192.168.0.6</div>
<div><br></div><div>So, how can this hacker successfully registered music account and avoid to be baned? it is strange.</div><div><br></div></div><div>Thanks. </div>