how to check if my server is hack?


Postby xodiacx » Tue Nov 19, 2019 12:07 am

Hi all,

Earlier today I received a call from one of our VoIP providers saying that we've made around $1000 (AU/US, not sure) worth of international calls. How can we check if we really made this call coming from our server? First off, this provider is under talk and our company has not committed yet to their service because we can't make outgoing calls; every time we make an outgoing call, this is the message appearing in the Asterisk CLI:

"[Oct 10 16:13:06] -- Executing [976861386580543@default:2] Dial("SIP/999-00137154", "SIP/aatroxcommunications/61386580543") in new stack
[Oct 10 16:13:06] == Using SIP RTP CoS mark 5
[Oct 10 16:13:06] WARNING[13398][C-0047e583]: chan_sip.c:6276 sip_call: No audio format found to offer. Cancelling call to 61386580543
[Oct 10 16:13:06] -- Couldn't call SIP/aatroxcommunications/61386580543
[Oct 10 16:13:06] == Everyone is busy/congested at this time (0:0/0/0)"

Please, we badly need help in reviewing this; $1000 surely is a lot of money.
xodiacx
 
Posts: 29
Joined: Thu Sep 05, 2013 3:38 pm

Re: how to check if my server is hack?

Postby xodiacx » Sat Nov 23, 2019 6:52 am

Hi

Can anyone help?
xodiacx
 
Posts: 29
Joined: Thu Sep 05, 2013 3:38 pm

Re: how to check if my server is hack?

Postby ambiorixg12 » Sat Nov 23, 2019 11:31 pm

[Oct 10 16:13:06] WARNING[13398][C-0047e583]: chan_sip.c:6276 sip_call: No audio format found to offer. Cancelling call to 61386580543

Check the SDP dialog for the payload type (your codec setting).

Regarding the source of the call, you will need to check the CDR and the Asterisk logs for the fraudulent numbers dialed; there you will also find the SIP or IAX2 account user and the IP of the source.
ambiorixg12
 
Posts: 448
Joined: Tue Sep 17, 2013 10:35 pm

Re: how to check if my server is hack?

Postby williamconley » Tue Nov 26, 2019 3:55 pm

xodiacx wrote: Hi all,

Earlier today I received a call from one of our VoIP providers saying that we've made around $1000 (AU/US, not sure) worth of international calls. How can we check if we really made this call coming from our server? First off, this provider is under talk and our company has not committed yet to their service because we can't make outgoing calls; every time we make an outgoing call, this is the message appearing in the Asterisk CLI:

"[Oct 10 16:13:06] -- Executing [976861386580543@default:2] Dial("SIP/999-00137154", "SIP/aatroxcommunications/61386580543") in new stack
[Oct 10 16:13:06] == Using SIP RTP CoS mark 5
[Oct 10 16:13:06] WARNING[13398][C-0047e583]: chan_sip.c:6276 sip_call: No audio format found to offer. Cancelling call to 61386580543
[Oct 10 16:13:06] -- Couldn't call SIP/aatroxcommunications/61386580543
[Oct 10 16:13:06] == Everyone is busy/congested at this time (0:0/0/0)"

Please, we badly need help in reviewing this; $1000 surely is a lot of money.

1) Welcome to the Party! 8-)

2) As you are obviously new here, I have some suggestions to help us all help you:

When you post, please post your entire configuration including (but not limited to) your installation method (7.X.X?) and vicidial version with build (VERSION: 2.X-XXXx ... BUILD: #####-####).

This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "manual/from scratch" you must post your operating system with version (and the .iso version from which you installed your original operating system) plus a link to the installation instructions you used. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that technology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

3) Stock installs will log all calls in the asteriskcdrdb and in the Vicidial call logs. More importantly: Your VOIP provider will have the IP of the originator of each call. If that IP is the IP of your Vicidial server, the odds are greatly in favor that your Vicidial logs will in fact match. If the IP address of the originator of those calls is NOT your Vicidial server, that's a different story entirely. If the VOIP provider is using a user/password authentication system instead of IP authentication, then the question remains how your user/pass came to be in the possession of someone else AND why they were not using IP authentication in the first place.

Good luck, sir!
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)
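
The log check that ambiorixg12 and williamconley describe above, sketched as an added example (not part of the thread, and not Vicidial or Asterisk code): it parses verbose Executing ... Dial(...) lines in the form posted in this thread, counts dial attempts per source peer on one trunk, and splits the provider's billed numbers into those the server attempted and those it never dialed. The billed list and every sample line except the first are constructed; a Dial line is only an attempt, so answered calls still have to be confirmed in the CDR.

```python
import re
from collections import Counter

# Verbose "Executing ... Dial(...)" line, in the form shown in the thread.
DIAL_RE = re.compile(
    r'^"?\[(?P<ts>[^\]]+)\].*?-- Executing '
    r'\[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):\d+\]\s+'
    r'Dial\("(?P<channel>[^"]+)",\s*'
    r'"(?P<tech>\w+)/(?P<trunk>[^/"]+)/(?P<dest>[^",|]+)'
)

def parse_dials(lines):
    """Yield one dict per outbound Dial() that goes through a named trunk."""
    for line in lines:
        m = DIAL_RE.search(line.strip())
        if m:
            d = m.groupdict()
            # "SIP/999-00137154" -> peer "SIP/999"; the suffix is a per-call id
            d["peer"] = d["channel"].rsplit("-", 1)[0]
            yield d

def summarize(lines, trunk, billed_numbers):
    """Return (attempts per (peer, context), billed numbers this server
    dialed on the trunk, billed numbers it never dialed)."""
    dials = [d for d in parse_dials(lines) if d["trunk"] == trunk]
    per_peer = Counter((d["peer"], d["context"]) for d in dials)
    dialed = {d["dest"] for d in dials}
    billed = set(billed_numbers)
    return per_peer, sorted(billed & dialed), sorted(billed - dialed)

# First line is the one posted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    '[Oct 10 16:13:06] -- Executing [976861386580543@default:2] '
    'Dial("SIP/999-00137154", "SIP/aatroxcommunications/61386580543") in new stack',
    '[Oct 10 16:13:06] == Using SIP RTP CoS mark 5',
    '[Oct 10 16:20:41] -- Executing [9011000000000001@default:2] '
    'Dial("SIP/999-00137160", "SIP/aatroxcommunications/011000000000001,60,tTo") in new stack',
    '[Oct 10 16:21:02] -- Executing [9011000000000001@default:2] '
    'Dial("SIP/205-00137161", "SIP/othertrunk/011000000000001") in new stack',
]
# Constructed stand-in for the list of billed numbers the provider sends.
BILLED = ["61386580543", "011000000000002"]

if __name__ == "__main__":
    per_peer, matched, unmatched = summarize(SAMPLE_LOG, "aatroxcommunications", BILLED)
    for (peer, context), n in per_peer.most_common():
        print(f"{peer} in context {context}: {n} dial attempt(s)")
    print("billed and dialed here:", matched)
    print("billed but never dialed here:", unmatched)
```

Billed numbers that never appear in the server's own dial attempts point to calls that originated somewhere else, which is the case where the originating IP held by the provider becomes the deciding evidence.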

