I had reason to check my Asterisk phone server logs today and noticed some script kiddies have been knocking on its door. Apparently an exploit kit exists that hacks into Asterisk PBXs and allows you to register as a phone on these systems. Way back in 2002 I put some firewall rules in place which allowed fairly wide open access to my Asterisk system. They had been there so long that I never revisited them, but on the other hand I never had much reason to.

I’m not quite sure what the point is as VoIP makes calling any number in the world virtually free, and VoIP-to-VoIP calls are completely free. Where’s the incentive to hack? Heck, back in my day when ten-cents-per-minute long distance was considered a bargain there were plenty of tools and methods to get free calls. Not that I ever tried them, mind you, but I knew a number of people who did (Apple Computer might not exist today if it weren’t for this kind of petty larceny).
Continue reading →