Koozali.org: home of the SME Server

Weird SIP files in Primary bay/html

Offline tias

« on: May 20, 2008, 11:32:28 AM »
Hi, kind of sad because I suppose my server got attacked.

Starting the process to check the logs, but found these files in primary bay, which I suppose shouldn't be there.

-rw-r--r--  1 root shared  155 May  6 23:24 aastra.cfg
-rw-r--r--  1 root shared   12 May  6 23:24 OS79XX.TXT
-rw-r--r--  1 root shared  110 May  6 23:24 RINGLIST.DAT
-rw-r--r--  1 root shared   23 May  6 23:24 seldir
-rw-r--r--  1 root shared  220 May  6 23:24 sip.cfg
-rw-r--r--  1 root shared  188 May  6 23:24 SIPDefault.cnf
-rw-r--r--  1 root shared  162 May  6 23:24 spa1000.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa2000.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa2002.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa2102.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa3102.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa841.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa901.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa921.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa922.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa941.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa942.cfg
-rw-r--r--  1 root shared  162 May  6 23:24 spa962.cfg
-rw-r--r--  1 root shared  161 May  6 23:24 spaPAP2T.cfg
-rw-r--r--  1 root shared 1064 May  6 23:24 XMLDefault.cnf.xml

What kind of files are these? Seems like they belong to Asterisk, but why in Primary/html...

The file seldir:
Quote
Fred Bloggs,5136622398

No one I know or called.

Quote
And the file SIPDefault.cnf includes:
; sip default configuration file

# Image Version
image_version: P0S3-08-7-00 ;
# Proxy Server
proxy1_address: 192.168.1.210 ;
proxy_register: 1 ;
logo_url: "http://192.168.0.5/logo.bmp" ;

The IP 192.168.0.5 is indeed my internal IP of the server but 192.168.1.210 isn't familiar...

What to do? I moved these files out of the ibay to a place that can't be reached.
« Last Edit: May 20, 2008, 11:37:58 AM by tias »

Offline jester

Re: Weird SIP files in Primary bay/html
« Reply #1 on: May 20, 2008, 12:08:23 PM »
Hi Tias,

Those are files for provisioning telephones with some sample data in them (like: Fred Bloggs). If you don't use provisioning (see SAIL > Global settings > TFTP Server > NO) and are really paranoid ;) you could move them somewhere else I guess.

HTH,
jester.

Offline tias

Re: Weird SIP files in Primary bay/html
« Reply #2 on: May 20, 2008, 12:32:23 PM »
But, what are those files doing in my Primary bay?

Seems like they shouldn't be there...

Offline SARK devs

Re: Weird SIP files in Primary bay/html
« Reply #3 on: May 22, 2008, 12:32:44 AM »
Hello Tias,

The files get put there by SAIL.  This is to allow remote phones to get their provisioning data using HTTP.  Why do we use the primary I-Bay?  Because it will always be there and it makes remote provisioning very easy.

Maybe we should put a switch into Globals to control whether it gets used or not.  I'll have a think about it.

Oh, and the IP addresses you see are generated from sample data left on the SAIL database after testing.  192.168.1.210 just happens to be the internal address of one of our test servers.

Kind Regards

S

Offline tias

Re: Weird SIP files in Primary bay/html
« Reply #4 on: May 22, 2008, 12:39:12 AM »
Thanks for the info regarding the files. Now I can sleep well  :-D

//Tias
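
Added example, not part of the original thread and not SAIL's own code: a Python script for the triage described in the posts above. It lists files in a web document root whose names match the provisioning files from the first post's listing, and flags any IPv4 address inside them that is not on a list of addresses you recognise. The function names, the `known_ips` parameter and the command-line usage are assumptions made for illustration.

```python
import fnmatch
import ipaddress
import os
import re
import stat
import sys

# File names from the directory listing in the first post
# (spa*.cfg covers the whole spaNNN.cfg / spaPAP2T.cfg set).
PROVISIONING_PATTERNS = [
    "aastra.cfg", "OS79XX.TXT", "RINGLIST.DAT", "seldir", "sip.cfg",
    "SIPDefault.cnf", "spa*.cfg", "XMLDefault.cnf.xml",
]
# Dotted quad that is not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def is_provisioning_file(name):
    return any(fnmatch.fnmatchcase(name, p) for p in PROVISIONING_PATTERNS)

def extract_ips(text):
    """Return the valid IPv4 addresses found in text, in order, de-duplicated."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = str(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        if ip not in found:
            found.append(ip)
    return found

def audit_docroot(docroot, known_ips):
    """Inventory provisioning files in docroot and flag unfamiliar addresses."""
    report = []
    for name in sorted(os.listdir(docroot)):
        path = os.path.join(docroot, name)
        if not os.path.isfile(path) or not is_provisioning_file(name):
            continue
        with open(path, "r", errors="replace") as fh:
            ips = extract_ips(fh.read())
        report.append({
            "file": name,
            # World-readable files in a docroot are served to any HTTP client.
            "world_readable": bool(os.stat(path).st_mode & stat.S_IROTH),
            "unknown_ips": [ip for ip in ips if ip not in known_ips],
        })
    return report

if __name__ == "__main__":
    # Hypothetical usage: audit.py <docroot> <known-ip> [<known-ip> ...]
    for row in audit_docroot(sys.argv[1], set(sys.argv[2:])):
        print(row)
```

An address reported under `unknown_ips` is a prompt to ask where the file came from, as happened in this thread, not proof of compromise.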