Hacking in My System

Discussion in 'General' started by mcamerar, Mar 17, 2011.

  1. mcamerar

    Hello to everyone,
    Please, I need urgent help. I am a newbie with Elastix, and after reading many posts here on the forum I found out that someone is hacking into my system.
    2 days ago they got all my providers' settings and they emptied all the credit calling "sexy hotline numbers"... I changed all the passwords yesterday, and last night they tried again to use a softphone with one of my extensions.
    I tried to check all the logs and I found this... Could anyone help me please and tell me if, from this log, they have entered again or they are just trying with no success.
    I also contacted the IP owners, but so far they didn't reply.
    Here is the SSL access log... let me know if you need other logs and where to find them.
    Thank you


    213.229.84.96 - - [17/Mar/2011:02:20:12 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 401 2305
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:17 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 200 42589
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/freepbx_large.png HTTP/1.1" 200 7590
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:18 +0200] "GET /admin/common/script.js.php HTTP/1.1" 200 1111
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/favicon.ico HTTP/1.1" 200 318
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:18 +0200] "GET /admin/config.php?handler=file&module=core&file=core.css HTTP/1.1" 200 225
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/logo.png HTTP/1.1" 200 5699
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/common/mainstyle.css HTTP/1.1" 200 15812
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/freepbx_small.png HTTP/1.1" 200 4844
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/trash.png HTTP/1.1" 200 412
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/core_delete.png HTTP/1.1" 200 715
    213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/common/libfreepbx.javascripts.js HTTP/1.1" 200 171105
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/header-back.png HTTP/1.1" 200 339
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/shadow-side-background.png HTTP/1.1" 200 198
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/tab.png HTTP/1.1" 200 1431
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/tab-first-current.png HTTP/1.1" 200 2639
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/shadow-side.png HTTP/1.1" 200 98
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/category1.png HTTP/1.1" 200 877
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/modules-current1.png HTTP/1.1" 200 2000
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/modules1.png HTTP/1.1" 200 1676
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/shadow-top.png HTTP/1.1" 200 109
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/shadow-corner.png HTTP/1.1" 200 184
    213.229.84.96 - - [17/Mar/2011:02:20:19 +0200] "GET /admin/images/watermark.png HTTP/1.1" 200 19119
    213.229.84.96 - - [17/Mar/2011:02:20:20 +0200] "GET /admin/images/modules-hover1.png HTTP/1.1" 200 432
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:21 +0200] "GET /admin/config.php?type=setup&display=index HTTP/1.1" 200 26155
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:23 +0200] "GET /admin/config.php?handler=file&module=dashboard&file=dashboard.css HTTP/1.1" 200 2463
    213.229.84.96 - - [17/Mar/2011:02:20:23 +0200] "GET /admin/images/notify_warning.png HTTP/1.1" 200 789
    213.229.84.96 - - [17/Mar/2011:02:20:23 +0200] "GET /admin/images/notify_delete.png HTTP/1.1" 200 715
    213.229.84.96 - - [17/Mar/2011:02:20:23 +0200] "GET /admin/images/notify_notice.png HTTP/1.1" 200 778
    213.229.84.96 - - [17/Mar/2011:02:20:23 +0200] "GET /admin/images/dashboard-sysinfo.png HTTP/1.1" 200 247
    213.229.84.96 - - [17/Mar/2011:02:20:23 +0200] "GET /admin/images/cancel.png HTTP/1.1" 200 815
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:28 +0200] "GET /admin/config.php?type=setup&display=trunks HTTP/1.1" 200 18926
    213.229.84.96 - - [17/Mar/2011:02:20:29 +0200] "GET /admin/images/core_add.png HTTP/1.1" 200 733
    213.229.84.96 - asteriskuser [17/Mar/2011:02:20:32 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_13 HTTP/1.1" 200 42648
    213.229.84.96 - asteriskuser [17/Mar/2011:02:21:14 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_8 HTTP/1.1" 200 42685
    213.229.84.96 - asteriskuser [17/Mar/2011:02:21:39 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_6 HTTP/1.1" 200 42538
    213.229.84.96 - asteriskuser [17/Mar/2011:02:21:40 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 200 42589
    213.229.84.96 - asteriskuser [17/Mar/2011:02:22:12 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_5 HTTP/1.1" 200 42705
    213.229.84.96 - asteriskuser [17/Mar/2011:02:22:31 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_12 HTTP/1.1" 200 42733
    213.229.84.96 - asteriskuser [17/Mar/2011:02:22:49 +0200] "GET /admin/config.php?type=setup&display=extensions HTTP/1.1" 200 23873
    213.229.84.96 - asteriskuser [17/Mar/2011:02:22:57 +0200] "GET /admin/config.php?type=setup&display=extensions&extdisplay=500 HTTP/1.1" 200 54725
    213.229.84.96 - - [17/Mar/2011:02:22:58 +0200] "GET /admin/images/user_add.png HTTP/1.1" 200 746
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:07 +0200] "POST /admin/config.php HTTP/1.1" 302 59581
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:08 +0200] "GET /admin/config.php?type=setup&display=extensions&extdisplay=500 HTTP/1.1" 200 59684
    213.229.84.96 - - [17/Mar/2011:02:23:09 +0200] "GET /admin/images/accept.png HTTP/1.1" 200 781
    213.229.84.96 - - [17/Mar/2011:02:23:09 +0200] "GET /admin/images/database_gear.png HTTP/1.1" 200 468
    213.229.84.96 - - [17/Mar/2011:02:23:09 +0200] "GET /admin/images/loading.gif HTTP/1.1" 200 8143
    213.229.84.96 - - [17/Mar/2011:02:23:09 +0200] "GET /admin/images/user_add.png HTTP/1.1" 200 746
    213.229.84.96 - - [17/Mar/2011:02:23:09 +0200] "GET /admin/images/user_delete.png HTTP/1.1" 200 767
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:11 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:32 +0200] "GET /admin/config.php?type=setup&display=routing HTTP/1.1" 200 38766
    213.229.84.96 - - [17/Mar/2011:02:23:33 +0200] "GET /admin/images/arrow_up_down.png HTTP/1.1" 200 472
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:35 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 40436
    213.229.84.96 - - [17/Mar/2011:02:23:36 +0200] "GET /admin/images/blank.gif HTTP/1.1" 200 42
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:47 +0200] "GET /admin/config.php?display=routing&extdisplay=3 HTTP/1.1" 200 43396
    213.229.84.96 - - [17/Mar/2011:02:23:48 +0200] "GET /admin/images/resultset_down.png HTTP/1.1" 200 850
    213.229.84.96 - - [17/Mar/2011:02:23:48 +0200] "GET /admin/images/resultset_up.png HTTP/1.1" 200 806
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:52 +0200] "GET /admin/config.php?display=routing&extdisplay=7 HTTP/1.1" 200 42552
    213.229.84.96 - asteriskuser [17/Mar/2011:02:23:57 +0200] "GET /admin/config.php?display=routing&extdisplay=5 HTTP/1.1" 200 40452
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:02 +0200] "GET /admin/config.php?display=routing&extdisplay=2 HTTP/1.1" 200 41304
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:13 +0200] "GET /admin/config.php?display=routing&extdisplay=6 HTTP/1.1" 200 46344
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:20 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 40436
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:26 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:26 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:31 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:53 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:54 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:24:58 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:12 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:13 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:16 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:27 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:27 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:25:31 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:17 +0200] "GET /admin/config.php?type=setup&display=trunks HTTP/1.1" 200 18926
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:20 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_7 HTTP/1.1" 200 42775
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:24 +0200] "GET /admin/config.php?type=setup&display=routing HTTP/1.1" 200 38766
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:26 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 40436
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:31 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:31 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:34 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:46 +0200] "POST /admin/config.php HTTP/1.1" 302 -
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:46 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 45387
    213.229.84.96 - asteriskuser [17/Mar/2011:02:30:49 +0200] "POST /admin/config.php HTTP/1.1" 200 1913
    213.229.84.96 - - [17/Mar/2011:02:30:58 +0200] "GET /admin/images/tab-hover.png HTTP/1.1" 200 2557
    213.229.84.96 - asteriskuser [17/Mar/2011:02:31:26 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 200 42724
     
  2. thatjoshguy

  3. fmvillares

    As obviously a novice user (in security measures, surely) you have been hacked, probably using the asterisk user backdoor from old FreePBX installs.
    Try to get professional help ASAP to reinstall or secure the system, as the failure is so serious that some people could leave a rootkit or hidden files to continue the scam.
    You need to learn that security and upgrades are vital to any IP telephony system.
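
A way to read an Apache access log like the one posted at the top of this thread, as an added example that is not part of any forum post: the third field is the HTTP-authenticated user, so a 401 followed by 2xx/3xx responses carrying a username shows an accepted login, and authenticated POSTs are form submissions. The function name `triage` and the report layout are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache common log format: host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Sample lines copied from the log posted in this thread.
SAMPLE = """\
213.229.84.96 - - [17/Mar/2011:02:20:12 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 401 2305
213.229.84.96 - asteriskuser [17/Mar/2011:02:20:17 +0200] "GET /admin/config.php?display=trunks&extdisplay=OUT_9 HTTP/1.1" 200 42589
213.229.84.96 - - [17/Mar/2011:02:20:18 +0200] "GET /admin/images/logo.png HTTP/1.1" 200 5699
213.229.84.96 - asteriskuser [17/Mar/2011:02:22:57 +0200] "GET /admin/config.php?type=setup&display=extensions&extdisplay=500 HTTP/1.1" 200 54725
213.229.84.96 - asteriskuser [17/Mar/2011:02:23:07 +0200] "POST /admin/config.php HTTP/1.1" 302 59581
213.229.84.96 - asteriskuser [17/Mar/2011:02:24:20 +0200] "GET /admin/config.php?display=routing&extdisplay=1 HTTP/1.1" 200 40436
213.229.84.96 - asteriskuser [17/Mar/2011:02:24:26 +0200] "POST /admin/config.php HTTP/1.1" 302 -
"""

def triage(log_text):
    """Summarise, per client IP, what the access log proves about admin access."""
    report = defaultdict(lambda: {"denied": 0, "users": set(), "authed": 0,
                                  "posts": [], "pages": set()})
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # skip lines that are not in common log format
        r, status = report[m["ip"]], int(m["status"])
        if status == 401:
            r["denied"] += 1            # HTTP auth challenge or failed login
        if m["user"] == "-" or status >= 400:
            continue                    # unauthenticated, or request refused
        # A non-"-" authuser with a 2xx/3xx status means the login was accepted.
        r["users"].add(m["user"])
        r["authed"] += 1
        if m["method"] == "POST":
            r["posts"].append(m["ts"])  # form submission: a possible config change
        r["pages"].update(parse_qs(urlsplit(m["url"]).query).get("display", []))
    return dict(report)

if __name__ == "__main__":
    for ip, r in triage(SAMPLE).items():
        print(f"{ip}: users={sorted(r['users'])} denied={r['denied']} "
              f"authenticated={r['authed']} POSTs={len(r['posts'])} "
              f"pages={sorted(r['pages'])}")
```

Run over the full log, the timestamps in `posts` give the moments to compare against the PBX configuration and call records.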
     
