<p>Fs comed with many sample accounts. There are at least 20 sample directory users 1000-1020 which you should remove before putting it to production.<br></p>
<p>On Sep 26, 2012 8:29 PM, "Todd Bailey" <<a href="mailto:toddb@toddbailey.net">toddb@toddbailey.net</a>> wrote:<br>
><br>
><br>
> Hey All,<br>
><br>
><br>
> I just got an email from Frontier that there were several attempts to<br>
> make international calls.<br>
><br>
><br>
> I checked the log file and verified that somehow someone was able to get<br>
> access to FS from the internet.<br>
><br>
><br>
> here is a sample of the log<br>
><br>
> [m [36m2012-09-23 16:30:29.916821 [NOTICE] switch_channel.c:941 New<br>
> Channel sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a><br>
> [af778857-0188-4ed2-a82a-94ae749a02cb]<br>
> [m [32m2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485<br>
> Processing 1000 <1000>->01137168521352 in context default<br>
> [m [36m2012-09-23 16:30:29.936831 [NOTICE] switch_channel.c:941 New<br>
> Channel sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a><br>
> [d1243a78-c464-45fa-9215-e7b85e1221fc]<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] sofia.c:6132 Ring-Ready<br>
> sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a>!<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] mod_sofia.c:2572 Ring-Ready<br>
> sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] switch_ivr_originate.c:519<br>
> Ring Ready sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:32.936826 [NOTICE] sofia.c:6777 Channel<br>
> [sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a>] has been answered<br>
> [m [36m2012-09-23 16:30:32.956825 [NOTICE] sofia_glue.c:4176 Pre-Answer<br>
> sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:32.956825 [NOTICE] switch_ivr_originate.c:3303<br>
> Channel [sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>] has been answered<br>
> [m [36m2012-09-23 16:30:52.356865 [N [m [36m2012-09-23 16:30:29.916821<br>
> [NOTICE] switch_channel.c:941 New Channel<br>
> sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a> [af778857-0188-4ed2-a82a-94ae749a02cb]<br>
> [m [32m2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485<br>
> Processing 1000 <1000>->01137168521352 in context default<br>
> [m [36m2012-09-23 16:30:29.936831 [NOTICE] switch_channel.c:941 New<br>
> Channel sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a><br>
> [d1243a78-c464-45fa-9215-e7b85e1221fc]<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] sofia.c:6132 Ring-Ready<br>
> sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a>!<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] mod_sofia.c:2572 Ring-Ready<br>
> sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:29.956842 [NOTICE] switch_ivr_originate.c:519<br>
> Ring Ready sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:32.936826 [NOTICE] sofia.c:6777 Channel<br>
> [sofia/internal/<a href="http://01137168521352@192.168.1.5:5061">01137168521352@192.168.1.5:5061</a>] has been answered<br>
> [m [36m2012-09-23 16:30:32.956825 [NOTICE] sofia_glue.c:4176 Pre-Answer<br>
> sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>!<br>
> [m [36m2012-09-23 16:30:32.956825 [NOTICE] switch_ivr_originate.c:3303<br>
> Channel [sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a>] has been answered<br>
> [m [36m2012-09-23 16:30:52.356865 [NOTICE] switch_channel.c:941 New<br>
> Channel sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a><br>
> [4576bc76-144a-4f6f-8915-871b511c374d]<br>
> [m [32m2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485<br>
> Processing 1000 <1000>->01137168905352 in context defaultOTICE]<br>
> switch_channel.c:941 New Channel sofia/internal/<a href="mailto:1000@50.47.85.167">1000@50.47.85.167</a><br>
> [4576bc76-144a-4f6f-8915-871b511c374d]<br>
> [m [32m2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485<br>
> Processing 1000 <1000>->01137168905352 in context default<br>
><br>
><br>
> At this point I'm at a loss how this is happening as I have multiple<br>
> firewalls in place that limit port access.<br>
><br>
> Can someone provide a few pointers on how to better secure FS running on<br>
> Linux systems?<br>
><br>
><br>
> thanks<br>
><br>
><br>
> --<br>
> -<br>
> -<br>
> - Best Regards,<br>
> -<br>
> - Todd Bailey<br>
> -<br>
> -<br>
><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br>
</p>