<html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Registration and authorization are completely different things. Are you still using the default passwords from the sample configs? I suspect this "hacker" actually has the password.<div><br></div><div><br><div><div>On Mar 1, 2014, at 9:25 PM, Shahzad Bhatti &lt;<a href="mailto:shahzad.bhatti@g-r-v.com">shahzad.bhatti@g-r-v.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div>Hi Everybody,<br></div>I am rephrasing my question:<br><br>I got a legal registered SIP account 1001 on FreeSWITCH <br><br>but some hacker who is not registered on my FreeSWITCH <br>uses the same 1001 account and makes calls.<br>
<br>I put a condition in xml_dialplan to verify and allow only registered SIP accounts to call, <br>as<br><br><b>&lt;condition field=</b><b><span class=""><span class="">"${sofia_contact */1001@freeswitchIP}"</span> <span class="">expression</span>=<span class="">"^[^@]+@(.+)"</span><span class="">&gt;</span></span><br>
<br></b>but the hacker found some way to pass the regex through some back hole in my script and make calls<br><div><div><b><br>Dialplan XML is </b></div><div><a href="http://pastebin.freeswitch.org/22054" target="_blank">http://pastebin.freeswitch.org/22054</a><br>
</div></div><div><div><b>fs_cli log as </b></div><div><a href="http://pastebin.freeswitch.org/22050" target="_blank">http://pastebin.freeswitch.org/22050</a><br>
</div><div><div><b>xml_cdr is</b> </div><div><a href="http://pastebin.freeswitch.org/22052" target="_blank">http://pastebin.freeswitch.org/22052</a><br></div><div><br></div></div></div>I also tried to generate the scenario but had no success, but now I want to know<br>
<div><div>how the hacker made a successful call in the above scenario and what is the best way to prevent hacking in future<br><br></div><div>Regards<br><br></div><div>Shahzad Bhatti <br><br><br></div><div><div class="gmail_quote">
---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Shahzad Bhatti</b> <span dir="ltr">&lt;<a href="mailto:shahzad.bhatti@g-r-v.com">shahzad.bhatti@g-r-v.com</a>&gt;</span><br>Date: Fri, Feb 28, 2014 at 11:51 PM<br>
Subject: Call Without Authorization<br>To: <a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a><br><br><br><div dir="ltr">Hi everybody,<div><br></div><div>I created my xml_curl script so that it doesn't allow unregistered calls, with the following condition</div>
<div><b>&lt;condition field=\"\${sofia_contact */{$sipuser}@$domain}\" expression=\"^[^@]+@(.+)\"&gt;</b><br>
</div><div>and it's working, but yesterday a call was originated from having </div><div><br></div><div><b>fs_cli log as </b></div><div><a href="http://pastebin.freeswitch.org/22050" target="_blank">http://pastebin.freeswitch.org/22050</a><br>
</div><div><br></div><div><b>xml_cdr is</b> </div><div><a href="http://pastebin.freeswitch.org/22052" target="_blank">http://pastebin.freeswitch.org/22052</a><br></div><div><br></div><div><div><b>dialplan xml is </b></div>
<div><a href="http://pastebin.freeswitch.org/22054" target="_blank">http://pastebin.freeswitch.org/22054</a><br>
</div></div><div><br></div><div>This is only an example of how the hacker breached</div><div><br></div><div>I want to know </div><div><b>1. how it is possible that this call was originated, as I check a condition that allows only registered SIP accounts to call.</b></div>
<div><b>2. how to prevent this from happening in future. </b></div><div><b>3. if there is any better way to do that, do inform me;</b></div><div><br></div><div>I checked about 500 calls placed under the given scenario and many of them were also answered</div>
<div><br></div><div>Regards</div><span class=""><font color="#888888"><div><br></div><div>Shahzad Bhatti </div><div><br></div></font></span></div>
</div></div></div></div></blockquote></div><br></div></body></html>