[asterisk-biz] PBX got Hacked

[Alex Balashov]

Agreed strongly.

1) For one, it sounds like you allowed remote root logins directly via 
SSH via password.  Many people seem to do this for convenience.  This is 
VERY BAD and should NEVER, EVER be allowed under any circumstances. 
Only password access to user accounts should be permitted 100% of the time.

2) Secondly, SSH should really not be open to the public at all.  With 
some hosts, that just can't be helped (public access boxes).  For a PBX, 
there is absolutely no reason why SSH should be open to anyone but you.

My SSH on all servers is firewalled to everyone in the world and I can 
only get in through an OpenVPN management VPN.  If for some reason that 
fails or I am on a host that doesn't have a client, there are a few IPs 
that are allowed in as a back door.  That's it.

If you are not following #1 and #2 and got hacked, there really should 
not be any surprises.  And if you don't know how SwitchVOX works under 
the hood and what it sets these settings to, that's even worse.

Stefan Wintermeyer wrote:

> Am 08.02.2009 um 02:31 schrieb VIP Carrier:
>> Here is an IP witch they have used to access a system 116.122.36.95
> 
> Give me a break!
> 
> If you can not stand the heat of the _dangerous_ internet: Get your  
> self a pair of scissors and cut all network cables!
> 
> If you run a server in the wild you have to know what you are doing.  
> This is not a problem of SwitchVOX or any other kind of appliance/ 
> software. This is just a problem of having common sense and knowledge  
> of the stuff you are doing.
> 
>    Stefan
> 
> PS: In the good old times our clients all had official IP addresses  
> and we used telnet to log into our Linux boxes. But things have  
> changed quite a bit since then.
> 


-- 
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (678) 237-1775