Koozali.org: home of the SME Server
Obsolete Releases => SME VoIP (Asterisk, SAIL etc) => Topic started by: tias on May 20, 2008, 11:32:28 AM
-
Hi, kind of sad because I suppose my server got attacked.
Starting the process to check the logs, but found these files in primary bay, which I suppose shouldn't be there.
-rw-r--r-- 1 root shared 155 May 6 23:24 aastra.cfg
-rw-r--r-- 1 root shared 12 May 6 23:24 OS79XX.TXT
-rw-r--r-- 1 root shared 110 May 6 23:24 RINGLIST.DAT
-rw-r--r-- 1 root shared 23 May 6 23:24 seldir
-rw-r--r-- 1 root shared 220 May 6 23:24 sip.cfg
-rw-r--r-- 1 root shared 188 May 6 23:24 SIPDefault.cnf
-rw-r--r-- 1 root shared 162 May 6 23:24 spa1000.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa2000.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa2002.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa2102.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa3102.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa841.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa901.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa921.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa922.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa941.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa942.cfg
-rw-r--r-- 1 root shared 162 May 6 23:24 spa962.cfg
-rw-r--r-- 1 root shared 161 May 6 23:24 spaPAP2T.cfg
-rw-r--r-- 1 root shared 1064 May 6 23:24 XMLDefault.cnf.xml
What kind of files are these? Seems like they belong to Asterisk, but why in Primary/html...
The file seldir:
Fred Bloggs,5136622398
No one I know or called.
And the file SIPDefault.cnf includes:
; sip default configuration file
# Image Version
image_version: P0S3-08-7-00 ;
# Proxy Server
proxy1_address: 192.168.1.210 ;
proxy_register: 1 ;
logo_url: "http://192.168.0.5/logo.bmp" ;
The IP 192.168.0.5 is indeed my internal IP of the server, but 192.168.1.210 isn't familiar...
What to do? I moved these files out of the ibay to a place that can't be reached.
-
Hi Tias,
Those are files for provisioning telephones with some sample data in them (like: Fred Bloggs). If you don't use provisioning (see SAIL > Global settings > TFTP Server > NO) and are really paranoid ;) you could move them somewhere else, I guess.
HTH,
jester.
-
But what are those files doing in my Primary bay?
Seems like they shouldn't be there...
-
Hello Tias,
The files get put there by SAIL. This is to allow remote phones to get their provisioning data using HTTP. Why do we use the primary I-Bay? Because it will always be there and it makes remote provisioning very easy.
Maybe we should put a switch into Globals to control whether it gets used or not. I'll have a think about it.
Oh, and the IP addresses you see are generated from sample data left on the SAIL database after testing. 192.168.1.210 just happens to be the internal address of one of our test servers.
Kind Regards
S
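
One way to check which phone provisioning files sit in a web-served directory, and whether they hold anything beyond the sample data named in this thread. This is an added example, not part of the original posts and not SAIL's own code; the function names, the filename patterns (taken from the listing in the first post) and the constructed sample files are assumptions.

```python
import os
import re
import stat
import tempfile

# Filename patterns taken from the directory listing in the first post.
PROVISIONING = re.compile(
    r"^(spa\w+\.cfg|aastra\.cfg|sip\.cfg|SIPDefault\.cnf|XMLDefault\.cnf\.xml|"
    r"seldir|OS79XX\.TXT|RINGLIST\.DAT)$", re.IGNORECASE)
# Values the thread identifies as leftover sample/test data.
SAMPLE_MARKERS = ("Fred Bloggs", "192.168.1.210")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit_webroot(webroot):
    """Return one finding per provisioning file found directly in webroot."""
    findings = []
    for name in sorted(os.listdir(webroot)):
        path = os.path.join(webroot, name)
        if not (PROVISIONING.match(name) and os.path.isfile(path)):
            continue
        with open(path, "r", errors="replace") as fh:
            text = fh.read()
        findings.append({
            "file": name,
            "world_readable": bool(os.stat(path).st_mode & stat.S_IROTH),
            "sample_data": any(m in text for m in SAMPLE_MARKERS),
            "other_ips": sorted(set(IPV4.findall(text)) - set(SAMPLE_MARKERS)),
        })
    return findings

def build_constructed_webroot():
    """Create a temp directory with constructed files modelled on the thread."""
    root = tempfile.mkdtemp()
    files = {
        "seldir": "Fred Bloggs,5136622398\n",
        "SIPDefault.cnf": "proxy1_address: 192.168.1.210 ;\n"
                          'logo_url: "http://192.168.0.5/logo.bmp" ;\n',
        "index.html": "<html></html>\n",  # ordinary web content, must be ignored
    }
    for name, body in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)  # same mode as in the listing (-rw-r--r--)
    return root

if __name__ == "__main__":
    for finding in audit_webroot(build_constructed_webroot()):
        print(finding)
```

On a real server, pass the Primary i-bay's html directory to `audit_webroot`; a file with `sample_data` false or a non-empty `other_ips` list is serving real configuration over HTTP and is worth reviewing.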
-
Thanks for the info regarding the files. Now I can sleep well :-D
//Tias