[Freeswitch-users] Hacking FS issue

Muhammad Shahzad shaheryarkh at googlemail.com
Wed Sep 26 22:59:36 MSD 2012 

Fs comed with many sample accounts. There are at least 20 sample directory
users 1000-1020 which you should remove before putting it to production.

On Sep 26, 2012 8:29 PM, "Todd Bailey" <toddb at toddbailey.net> wrote:
>
>
> Hey All,
>
>
> I just got an email from Frontier that there were several attempts to
> make international calls.
>
>
> I checked the log file and verified that somehow someone was able to get
> access to FS from the internet.
>
>
> here is a sample of the log
>
>  [m [36m2012-09-23 16:30:29.916821 [NOTICE] switch_channel.c:941 New
> Channel sofia/internal/1000 at 50.47.85.167
> [af778857-0188-4ed2-a82a-94ae749a02cb]
>  [m [32m2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485
> Processing 1000 <1000>->01137168521352 in context default
>  [m [36m2012-09-23 16:30:29.936831 [NOTICE] switch_channel.c:941 New
> Channel sofia/internal/01137168521352 at 192.168.1.5:5061
> [d1243a78-c464-45fa-9215-e7b85e1221fc]
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] sofia.c:6132 Ring-Ready
> sofia/internal/01137168521352 at 192.168.1.5:5061!
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] mod_sofia.c:2572 Ring-Ready
> sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] switch_ivr_originate.c:519
> Ring Ready sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:32.936826 [NOTICE] sofia.c:6777 Channel
> [sofia/internal/01137168521352 at 192.168.1.5:5061] has been answered
>  [m [36m2012-09-23 16:30:32.956825 [NOTICE] sofia_glue.c:4176 Pre-Answer
> sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:32.956825 [NOTICE] switch_ivr_originate.c:3303
> Channel [sofia/internal/1000 at 50.47.85.167] has been answered
>  [m [36m2012-09-23 16:30:52.356865 [N [m [36m2012-09-23 16:30:29.916821
> [NOTICE] switch_channel.c:941 New Channel
> sofia/internal/1000 at 50.47.85.167 [af778857-0188-4ed2-a82a-94ae749a02cb]
>  [m [32m2012-09-23 16:30:29.916821 [INFO] mod_dialplan_xml.c:485
> Processing 1000 <1000>->01137168521352 in context default
>  [m [36m2012-09-23 16:30:29.936831 [NOTICE] switch_channel.c:941 New
> Channel sofia/internal/01137168521352 at 192.168.1.5:5061
> [d1243a78-c464-45fa-9215-e7b85e1221fc]
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] sofia.c:6132 Ring-Ready
> sofia/internal/01137168521352 at 192.168.1.5:5061!
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] mod_sofia.c:2572 Ring-Ready
> sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:29.956842 [NOTICE] switch_ivr_originate.c:519
> Ring Ready sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:32.936826 [NOTICE] sofia.c:6777 Channel
> [sofia/internal/01137168521352 at 192.168.1.5:5061] has been answered
>  [m [36m2012-09-23 16:30:32.956825 [NOTICE] sofia_glue.c:4176 Pre-Answer
> sofia/internal/1000 at 50.47.85.167!
>  [m [36m2012-09-23 16:30:32.956825 [NOTICE] switch_ivr_originate.c:3303
> Channel [sofia/internal/1000 at 50.47.85.167] has been answered
>  [m [36m2012-09-23 16:30:52.356865 [NOTICE] switch_channel.c:941 New
> Channel sofia/internal/1000 at 50.47.85.167
> [4576bc76-144a-4f6f-8915-871b511c374d]
>  [m [32m2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485
> Processing 1000 <1000>->01137168905352 in context defaultOTICE]
> switch_channel.c:941 New Channel sofia/internal/1000 at 50.47.85.167
> [4576bc76-144a-4f6f-8915-871b511c374d]
>  [m [32m2012-09-23 16:30:52.376830 [INFO] mod_dialplan_xml.c:485
> Processing 1000 <1000>->01137168905352 in context default
>
>
> At this point I'm at a loss how this is happening as I have multiple
> firewalls in place that limit port access.
>
> Can someone provide a few pointers on how to better secure FS running on
> Linux systems?
>
>
> thanks
>
>
> --
> -
> -
> -    Best Regards,
> -
> -            Todd Bailey
> -
> -
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120926/2d8d0d88/attachment.html

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list