Thread: Hacked account - what's the solution?

  1. #1
    Junior Member, joined September 2010, 11 posts

    Hacked account - what's the solution?

    Hello,

    I think my server has been hacked.

    I have calls showing up in my CDRs with "anonymous" as the CLID

    1. 2011-06-08 11:11:11 SIP/oxetri anonymous anonymous 0044xxxxxxxxx ANSWERED 01:02
    2. 2011-06-08 11:10:10 SIP/oxetri anonymous anonymous 0033xxxxxx ANSWERED 00:21

    In the detailed logs

    AMPUSER=anonymous, 0044xxxxxxxx@from-internal: how can calls be placed with the anonymous account?


    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [00447932642216@from-internal:1] Macro("SIP/oxetrixbox-00000080", "user-callerid|LIMIT|") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:1] Set("SIP/oxetrixbox-00000080", "AMPUSER=anonymous") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:2] GotoIf("SIP/oxetrixbox-00000080", "0?report") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:3] ExecIf("SIP/oxetrixbox-00000080", "1|Set|REALCALLERIDNUM=anonymous") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: ExecIf
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: DEVICE/anonymous/user not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:4] Set("SIP/oxetrixbox-00000080", "AMPUSER=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: AMPUSER//cidname not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:5] Set("SIP/oxetrixbox-00000080", "AMPUSERCIDNAME=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:6] GotoIf("SIP/oxetrixbox-00000080", "1?report") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-user-callerid,s,12)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:12] GotoIf("SIP/oxetrixbox-00000080", "1?continue") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-user-callerid,s,25)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:25] Set("SIP/oxetrixbox-00000080", "CALLERID(number)=anonymous") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:26] Set("SIP/oxetrixbox-00000080", "CALLERID(name)=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [00xxxxxxxx@from-internal:2] Set("SIP/oxetrixbox-00000080", "_NODEST=") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [0044xxxxxxxx@from-internal:3] Macro("SIP/oxetrixbox-00000080", "record-enable||OUT|") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-record-enable:1] GotoIf("SIP/oxetrixbox-00000080", "1?check") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-record-enable,s,4)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-record-enable:4] ExecIf("SIP/oxetrixbox-00000080", "1|MacroExit|") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [0044xxxxxxxx@from-internal:4] Macro("SIP/oxetrixbox-00000080", "dialout-trunk|2|0044xxxxxxxx|") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:1] Set("SIP/oxetrixbox-00000080", "DIAL_TRUNK=2") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: AMPUSER//pinless not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:2] GosubIf("SIP/oxetrixbox-00000080", "0?sub-pincheck|s|1") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GosubIf
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: AMPUSER//pinless not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:3] GotoIf("SIP/oxetrixbox-00000080", "0?disabletrunk|1") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:4] Set("SIP/oxetrixbox-00000080", "DIAL_NUMBER=0044xxxxxxx") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:5] Set("SIP/oxetrixbox-00000080", "DIAL_TRUNK_OPTIONS=tr") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:6] Set("SIP/oxetrixbox-00000080", "OUTBOUND_GROUP=OUT_2") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:7] GotoIf("SIP/oxetrixbox-00000080", "1?nomax") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-dialout-trunk,s,9)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:9] GotoIf("SIP/oxetrixbox-00000080", "0?skipoutcid") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:10] Set("SIP/oxetrixbox-00000080", "DIAL_TRUNK_OPTIONS=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-dialout-trunk:11] Macro("SIP/oxetrixbox-00000080", "outbound-callerid|2") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:1] ExecIf("SIP/oxetrixbox-00000080", "0|SetCallerPres|") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: ExecIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:2] ExecIf("SIP/oxetrixbox-00000080", "0|Set|REALCALLERIDNUM=anonymous") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: ExecIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:3] GotoIf("SIP/oxetrixbox-00000080", "1?normcid") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-outbound-callerid,s,6)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: AMPUSER//outboundcid not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:6] Set("SIP/oxetrixbox-00000080", "USEROUTCID=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] DEBUG[341] func_db.c: DB: DEVICE/anonymous/emergency_cid not found in database.
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:7] Set("SIP/oxetrixbox-00000080", "EMERGENCYCID=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:8] Set("SIP/oxetrixbox-00000080", "TRUNKOUTCID=") in new stack
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: Set
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:9] GotoIf("SIP/oxetrixbox-00000080", "1?trunkcid") in new stack
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Goto (macro-outbound-callerid,s,12)
    [Jun 8 11:11:11] DEBUG[341] app_macro.c: Executed application: GotoIf
    [Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-outbound-callerid:12]

    How can I fix this problem? I must have made a mistake somewhere.

    Thanks in advance.

  2. #2
    Association Member, joined August 2010, 856 posts

    With so few details, we can't say anything.

  3. #3
    Junior Member, joined September 2010, 11 posts

    Sorry, I'm a beginner in this area.

    What information do you need?

  4. #4
    Senior Member, joined September 2010, location: Where the sun shines, 1,418 posts

    trying again (last time, that wasn't it....)

    do you have allowguest=no in sip.conf?

    otherwise, change all your passwords immediately, and install fail2ban (there are posts about it on this forum)
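
The pattern visible in the log from post #1 (a channel whose AMPUSER is set to "anonymous", entering from-internal and then reaching macro-dialout-trunk) can be searched for across an Asterisk full log. This is an added example, not part of the original thread: the function name, the second sample channel and the handling of "," as an argument separator are assumptions, and the sample lines are constructed from the excerpt above.

```python
import re

# Matches verbose "Executing" lines in the format shown in post #1.
EXEC_RE = re.compile(
    r'Executing \[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):(?P<prio>\d+)\] '
    r'(?P<app>\w+)\("(?P<chan>[^"]+)", "(?P<args>[^"]*)"\)'
)

# Constructed sample modelled on the excerpt in post #1 (numbers masked).
# The second channel (SIP/201-...) is a made-up authenticated extension.
SAMPLE_LOG = """\
[Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [0044xxxxxxxx@from-internal:1] Macro("SIP/oxetrixbox-00000080", "user-callerid|LIMIT|") in new stack
[Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:1] Set("SIP/oxetrixbox-00000080", "AMPUSER=anonymous") in new stack
[Jun 8 11:11:11] DEBUG[341] func_db.c: DB: DEVICE/anonymous/user not found in database.
[Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [s@macro-user-callerid:4] Set("SIP/oxetrixbox-00000080", "AMPUSER=") in new stack
[Jun 8 11:11:11] VERBOSE[341] logger.c: -- Executing [0044xxxxxxxx@from-internal:4] Macro("SIP/oxetrixbox-00000080", "dialout-trunk|2|0044xxxxxxxx|") in new stack
[Jun 8 11:12:00] VERBOSE[342] logger.c: -- Executing [0033xxxxxx@from-internal:1] Macro("SIP/201-00000081", "user-callerid|LIMIT|") in new stack
[Jun 8 11:12:00] VERBOSE[342] logger.c: -- Executing [s@macro-user-callerid:1] Set("SIP/201-00000081", "AMPUSER=201") in new stack
[Jun 8 11:12:00] VERBOSE[342] logger.c: -- Executing [0033xxxxxx@from-internal:4] Macro("SIP/201-00000081", "dialout-trunk|2|0033xxxxxx|") in new stack
"""


def find_anonymous_outbound(log_text):
    """Return one dict per guest call that reached macro-dialout-trunk."""
    anonymous = set()    # channels where AMPUSER was ever "anonymous"
    entry_context = {}   # first non-macro context seen per channel
    findings = []
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if not m:
            continue
        chan, ctx, app, args = m["chan"], m["context"], m["app"], m["args"]
        if not ctx.startswith("macro-"):
            entry_context.setdefault(chan, ctx)
        if app == "Set" and args == "AMPUSER=anonymous":
            anonymous.add(chan)  # latch: the macro later resets AMPUSER to ""
        elif app == "Macro" and chan in anonymous:
            # "|" is the separator in the post's log; "," is assumed for newer versions.
            parts = re.split(r"[|,]", args)
            if parts[0] == "dialout-trunk" and len(parts) >= 3:
                findings.append({"channel": chan, "context": entry_context.get(chan),
                                 "trunk": parts[1], "number": parts[2]})
    return findings


if __name__ == "__main__":
    for f in find_anonymous_outbound(SAMPLE_LOG):
        print("guest call reached trunk:", f)
```

Each finding names the channel, the context the call entered through, and the trunk and number it was sent to, which is what needs comparing against the CDR entries.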
