boeingpilot
Guru
- Joined
- Feb 4, 2008
- Messages
- 50
- Reaction score
- 2
My system was setup similar to yours. Back when I got started (3 years ago), and people weren't thinking about this I had open SIP ports to my box (wanted to be able to use my wifi phone anywhere); had simple endpoint passwords (hey, who would know I was even running a server).
Well, fortunately one night I was down in my workshop, and the SIP extension rings. Some guy is on the phone and wanted to know why I had left a message seeking personal information. Then I get a whole bunch of these messages in 10 minutes!
Look at my log, and see that some one has registered to my box and has a robot placing robo calls through it! Now I have pay as you go trunks, but also have one SIP phone trunk from Vonage. If this had gone on, my Vonage bill would've gone through the roof! Who knows when they would've pulled the plug!
This scared the daylights out of me, and taught me, time to learn security. I was lucky, you may not be.
Just running Fail2Ban, and having it email me any time it bans some one is an eye opener!. My box gets an attempted hit at least once a week, usually from eastern europe, russia, or china.
Once you've had a box on line for a while, there must be a list running around with your IP, making it a target.
Don't play the odds, lock down your box!
Well, fortunately one night I was down in my workshop, and the SIP extension rings. Some guy is on the phone and wanted to know why I had left a message seeking personal information. Then I get a whole bunch of these messages in 10 minutes!
Look at my log, and see that some one has registered to my box and has a robot placing robo calls through it! Now I have pay as you go trunks, but also have one SIP phone trunk from Vonage. If this had gone on, my Vonage bill would've gone through the roof! Who knows when they would've pulled the plug!
This scared the daylights out of me, and taught me, time to learn security. I was lucky, you may not be.
Just running Fail2Ban, and having it email me any time it bans some one is an eye opener!. My box gets an attempted hit at least once a week, usually from eastern europe, russia, or china.
Once you've had a box on line for a while, there must be a list running around with your IP, making it a target.
Don't play the odds, lock down your box!