<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
p.inbox-inbox-p1, li.inbox-inbox-p1, div.inbox-inbox-p1
        {mso-style-name:inbox-inbox-p1;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;
        color:black;}
span.u-linkcomplex-target
        {mso-style-name:u-linkcomplex-target;}
span.inbox-inbox-s1
        {mso-style-name:inbox-inbox-s1;}
span.inbox-inbox-apple-converted-space
        {mso-style-name:inbox-inbox-apple-converted-space;}
span.EmailStyle24
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.EmailStyle26
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>You can block such attacks with acombination of iptables (and the like) and fail2ban. FreeSWITCH itself will reject calls from such things, but that whole point of an attack like that is to find someone that has some not nice SQL handling code… <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>As far as rejecting anonymous calls that entirely up to your configuration in FreeSWITCH… see the config documentation for mod_sofia on https://freeswitch.org/confluence<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] <b>On Behalf Of </b>Siju Nair<br><b>Sent:</b> Sunday, March 5, 2017 12:42 PM<br><b>To:</b> FreeSWITCH Users Help <freeswitch-users@lists.freeswitch.org><br><b>Subject:</b> Re: [Freeswitch-users] FS account got hacked **urgent**<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Is there any way in FS to stop such attacks ! By the way how to reject anonymous calls in FS .... ? <br><br>Sent from my iPhone<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On 04-Mar-2017, at 2:18 AM, Ken Rice <<a href="mailto:krice@freeswitch.org">krice@freeswitch.org</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>I did lolol they didn’t answer me…</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a> [<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">mailto:freeswitch-users-bounces@lists.freeswitch.org</a>] <b>On Behalf Of </b>Tristan Mahé<br><b>Sent:</b> Friday, March 3, 2017 2:45 PM<br><b>To:</b> FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>><br><b>Subject:</b> Re: [Freeswitch-users] FS account got hacked **urgent**</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p>You could maybe ping them on Twitter, they're quite active on <a href="https://twitter.com/online_fr"><span style='color:#8899A6'>@<span class=u-linkcomplex-target>online_fr</span></span></a> .<br><br>I got in a previous life a BGP peering established that way with them.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal>On 03/03/2017 11:47 AM, Sergey Safarov wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>List of of AS12876 networks<o:p></o:p></p><p class=inbox-inbox-p1><span class=inbox-inbox-s1><span style='font-family:"Courier New"'>$ whois -h <a href="http://whois.radb.net">whois.radb.net</a> -- '-i origin AS12876' | grep 'route:'</span></span><span style='font-family:"Courier New"'><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://212.155.196.0/23">212.155.196.0/23</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://195.154.0.0/16">195.154.0.0/16</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://62.4.0.0/19">62.4.0.0/19</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://212.83.128.0/19">212.83.128.0/19</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://212.129.0.0/18">212.129.0.0/18</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://212.83.160.0/19">212.83.160.0/19</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://62.210.0.0/16">62.210.0.0/16</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://212.47.224.0/19">212.47.224.0/19</a><br>route:<span class=inbox-inbox-apple-converted-space> </span><a href="http://163.172.0.0/16">163.172.0.0/16</a></span><o:p></o:p></p><p class=inbox-inbox-p1> <o:p></o:p></p><p class=inbox-inbox-p1><span class=inbox-inbox-s1>Sergey</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><div><div><p class=MsoNormal>пт, 3 мар. 2017 г. в 22:24, Ken Rice <<a href="mailto:krice@freeswitch.org">krice@freeswitch.org</a>>:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><p class=MsoNormal>Yes that AS is <a href="http://online.net" target="_blank">online.net</a>'s AS Number... I'm seriously considering<br>blackholing them across multiple networks...<br><br>-----Original Message-----<br>From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a><br>[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of jungle<br>Boogie<br>Sent: Friday, March 3, 2017 12:59 PM<br>To: FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>Subject: Re: [Freeswitch-users] FS account got hacked **urgent**<br><br>On 3 March 2017 at 10:45, Ken Rice <<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>> wrote:<br>> The problem with <a href="http://online.net" target="_blank">online.net</a> isn't necessarily one of their clients,<br>> they tend to no respond to the reports they get via the link you<br>> posted nor do they respond to emails to their abuse@ email address as<br>> per their whois records...<br><br>I think I tried the email address once or twice until I found the form. IME,<br>the online customers resolve the situation and I stop seeing the attacks.<br><br>><br>> I have received multiple attacks from various IPs on their network<br>> (the only thing in common with them is its originating from their AS)<br><br>hmm, that AS is with <a href="http://online.net" target="_blank">online.net</a>?<br><br>><br>> I have seen these attacks across multiple networks... I wish there was<br>> a way we could would with them to help mitigate this but it doesn't<br>> seem they are interested in it<br>><br><br>I wish there was something like denyhosts for sip traffic that would sync up<br>and download known offenders.<br><br>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><br><br>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><o:p></o:p></p></blockquote></div></div><p class=MsoNormal><br><br><br><br><o:p></o:p></p><pre>_________________________________________________________________________<o:p></o:p></pre><pre>Professional FreeSWITCH Consulting Services: <o:p></o:p></pre><pre><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><o:p></o:p></pre><pre><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><o:p></o:p></pre><pre> <o:p></o:p></pre><pre>Official FreeSWITCH Sites<o:p></o:p></pre><pre><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><o:p></o:p></pre><pre><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a><o:p></o:p></pre><pre><a href="http://www.cluecon.com">http://www.cluecon.com</a><o:p></o:p></pre><pre> <o:p></o:p></pre><pre>FreeSWITCH-users mailing list<o:p></o:p></pre><pre><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><o:p></o:p></pre><pre><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><o:p></o:p></pre><pre>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><o:p></o:p></pre><pre><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><o:p></o:p></pre></blockquote><p class=MsoNormal> <o:p></o:p></p></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><span style='color:windowtext'>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><o:p></o:p></span></p></div></blockquote></div></body></html>