Hello,
Unfortunately, my Asterisk box got hacked. I was using it on a cloud VPS. I am checking the logs; the only unusual thing I found is as follows.
[Jan 29 15:21:11] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as1608bea0’
[Jan 29 15:22:37] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as4a36ea98’
[Jan 29 15:22:37] ERROR[1477] utils.c: fwrite() returned error: Connection reset by peer
[Jan 29 15:22:37] ERROR[1477] utils.c: fwrite() returned error: Broken pipe
[Jan 29 15:23:02] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as34237097’
[Jan 29 15:23:09] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as615d3b11’
[Jan 29 15:23:16] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as4167b294’
[Jan 29 15:23:30] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as7a260779’
[Jan 29 15:23:37] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as46874f7e’
[Jan 29 15:23:44] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as30996039’
[Jan 29 15:23:51] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as6de25b30’
[Jan 29 15:24:19] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as7380bbd8’
[Jan 29 15:24:26] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as43eb0640’
[Jan 29 15:24:33] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as210188e5’
[Jan 29 15:24:40] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as499e9149’
[Jan 29 15:24:54] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as7e437f92’
[Jan 29 15:25:10] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as0da9123d’
[Jan 29 15:25:28] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as1425257d’
[Jan 29 15:25:35] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as71275a3b’
[Jan 29 15:25:43] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as737c45d1’
[Jan 29 15:25:50] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as674fac9e’
[Jan 29 15:25:57] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as4481d8ae’
[Jan 29 15:26:04] WARNING[1377] chan_sip.c: Received response: “Forbidden” from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as315b4d2c’
There are also similar entries in the CDR table that show call duration as well.
Any ideas or suggestions to prevent such attacks in the future, please?
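
Log triage for the format shown in the post, added here as an example and not written by the poster: it extracts the chan_sip "Forbidden" warnings from an Asterisk log and groups them into bursts, so each burst's time range can be compared with the CDR entries. The sample log is constructed, and `max_gap`, `min_events` and the placeholder year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the post's log lines (tags are made up).
_WARN = ("[Jan 29 {t}] WARNING[1377] chan_sip.c: Received response: “Forbidden” "
         "from ‘“Anonymous” sip:anonymous@anonymous.invalid;tag=as{n:08x}’")
SAMPLE_LOG = "\n".join(
    [_WARN.format(t="15:21:11", n=1),
     "[Jan 29 15:22:37] ERROR[1477] utils.c: fwrite() returned error: Broken pipe"]
    + [_WARN.format(t=f"15:23:{s:02d}", n=s) for s in range(2, 44, 7)]
)

LINE_RE = re.compile(r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] \w+\[\d+\] "
                     r"(?P<src>[\w.]+): (?P<msg>.*)$")
# Accept straight or typographic quotes around the SIP reason phrase.
FORBIDDEN_RE = re.compile(r"Received response: [\"“]Forbidden[\"”] from")


def parse_forbidden(text, year=2000):
    """Return timestamps of chan_sip 'Forbidden' response warnings.

    The log lines carry no year, so a placeholder year is used (assumption).
    """
    stamps = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["src"] == "chan_sip.c" and FORBIDDEN_RE.search(m["msg"]):
            stamps.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    return stamps


def find_bursts(stamps, max_gap=timedelta(seconds=30), min_events=5):
    """Group events separated by at most max_gap; keep runs of min_events or more."""
    runs, run = [], []
    for ts in sorted(stamps):
        if run and ts - run[-1] > max_gap:
            if len(run) >= min_events:
                runs.append((run[0], run[-1], len(run)))
            run = []
        run.append(ts)
    if len(run) >= min_events:
        runs.append((run[0], run[-1], len(run)))
    return runs


if __name__ == "__main__":
    for start, end, count in find_bursts(parse_forbidden(SAMPLE_LOG)):
        print(f"{count} Forbidden responses, {start:%b %d %H:%M:%S} to {end:%H:%M:%S}")
```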