[asterisk-biz] PBX got Hacked

VIP Carrier vipcarrier at gmail.com
Sun Feb 8 13:29:22 CST 2009


As Andrew from Anteil has mentioned, there is no way to access Switchvox via
SSH, only the web GUI, and there is no way to read the logs either.
So we are stuck. Digium can't help us! They simply said to use a CD to
reinstall the system. How f@cking nice tech support.


On Sun, Feb 8, 2009 at 10:19 AM, Andrew M. Lauppe <alauppe at anteil.com> wrote:

>  I'm not standing up for SwitchVOX but I would point out that, on that
> platform, the root password is both unknown/undocumented, and there is no
> way to activate it for end-user access short of booting from a recovery CD
> and using single-user mode or chroot and running passwd.
>
> In other words, SSH is useless on that platform so this machine had to be
> hacked some other way. Also - with no shell access, there is no access to
> the apache or asterisk logs, and no way to install fail2ban. If you're
> running switchvox, you *NEED* to put it behind a firewall with logging.
>
> If you need help securing switchvox, or building a firewall with proper
> logging support, let us know. Anteil is happy to help.
>
> Andy
>
>    Anteil, Inc. <http://www.anteil.com>
> ------------------------------
>      *Andrew M. Lauppe*
>      *Consultant*
>
>  4051B Executive Park Dr.
> Harrisburg, PA 17111
> ------------------------------
> +1 (877) OS-LINUX x23
> +1 (484) 421-9919 direct
>
>
> voip-asterisk at maximumcrm.com wrote:
>
>  On Sat, 2009-02-07 at 21:54 -0500, Alex Balashov wrote:
>
>
>  Agreed strongly.
>
> 1) For one, it sounds like you allowed remote root logins directly via
> SSH using a password.  Many people seem to do this for convenience.  This is
> VERY BAD and should NEVER, EVER be allowed under any circumstances.
> Only password access to user accounts should be permitted 100% of the time.
>
> 2) Secondly, SSH should really not be open to the public at all.  With
> some hosts, that just can't be helped (public access boxes).  For a PBX,
> there is absolutely no reason why SSH should be open to anyone but you.
>
> My SSH on all servers is firewalled to everyone in the world and I can
> only get in through an OpenVPN management VPN.  If for some reason that
> fails or I am on a host that doesn't have a client, there are a few IPs
> that are allowed in as a back door.  That's it.
>
>
>
>  Having the ssh server at the default port and accepting password
> authentication is a security problem waiting to happen.
> Looking at firewall logs you can see that the ssh port is scanned
> routinely and brute force attacks happen all the time.
> If you need to have ssh access open, move it to another port, disable
> password auth and use only publickey auth.
> Also, as I see more and more companies implementing a strict "no incoming
> ports open" policy (which is good), an option is to have a reverse ssh
> tunnel. http://skoroneos.blogspot.com/2009/01/doing-reverse-ssh-tunnel-embedded-way.html
>
>
> I have implemented this in our embedded asterisk distro and it now works
> with the dialplan also, i.e. you trigger the connection from inside by
> dialing a number.
>
>
>  There are other ways too, including port knocking.
>
> For SIP bruteforce attacks, I use fail2ban to monitor the logs and firewall
> any attackers, in addition to having strong passwords and long sip user ids.
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
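The SSH advice in the thread (no root login, no password authentication, non-default port, key-only access) is easy to state and easy to get subtly wrong, for example by leaving ChallengeResponseAuthentication on so that PAM still accepts a password over keyboard-interactive. The following is an added example, not code from the thread, from Digium or from Anteil, and it only applies to a box you can actually shell into (Switchvox, as Andrew notes, gives you no shell). The sshd_config text is constructed for the example; the parsing rules (keywords are case-insensitive, '#' starts a comment, the first obtained value of a keyword wins, directives below a Match line are conditional) follow sshd_config(5). The user name "pbxadmin" and port 2222 are placeholders.

```python
"""Audit an sshd_config for the weak settings the thread warns about and
render a hardened version. Added example; the sample config is constructed."""
import re

# Constructed sample: the "convenient" setup the thread calls VERY BAD.
WEAK_SSHD_CONFIG = """\
# constructed sample, not taken from any real host
Port 22
Protocol 2
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
"""

# What the thread recommends: key-only auth, no root, non-default port.
# ChallengeResponseAuthentication is included because with UsePAM it still
# lets a password be entered via keyboard-interactive after
# PasswordAuthentication has been switched off.
WANTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "pubkeyauthentication": "yes",
}

# Compiled-in defaults used when a keyword is absent (sshd_config(5)).
DEFAULTS = {"port": "22", "permitrootlogin": "yes",
            "passwordauthentication": "yes",
            "challengeresponseauthentication": "yes",
            "pubkeyauthentication": "yes"}


def parse_sshd_config(text):
    """Map each keyword (lower-cased) to its first effective value.

    Stops at the first 'Match' line: directives below it apply only to
    matching connections, so a global audit must not count them.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)   # first occurrence wins, as in sshd
    return settings


def audit(settings):
    """Return (keyword, current_value, wanted_value) for every weak setting."""
    findings = []
    for key, wanted in WANTED.items():
        current = settings.get(key, DEFAULTS[key]).lower()
        if current != wanted:
            findings.append((key, current, wanted))
    port = settings.get("port", DEFAULTS["port"])
    if port == "22":
        findings.append(("port", port, "a non-default port"))
    return findings


def hardened_config(settings, port="2222", allow_users=("pbxadmin",)):
    """Render a hardened config: keep the original's other directives, force
    the wanted ones, move the port and restrict logins to an allow-list.
    'pbxadmin' and 2222 are placeholders for the example."""
    merged = dict(settings)
    merged.update(WANTED)
    merged["port"] = port
    merged["allowusers"] = " ".join(allow_users)
    return "\n".join("%s %s" % (k, v) for k, v in sorted(merged.items())) + "\n"


if __name__ == "__main__":
    weak = parse_sshd_config(WEAK_SSHD_CONFIG)
    for key, current, wanted in audit(weak):
        print("WEAK: %s is %r, want %s" % (key, current, wanted))
    print(hardened_config(weak))
```

The "few IPs allowed in as a back door" from the thread belong in the firewall in front of the box (a source-address rule on the SSH port), not in sshd_config; AllowUsers here only limits which accounts may log in at all. When applying a change like this, restart sshd and confirm a key login works from a second session before closing the one you are in, since a typo in PasswordAuthentication or AllowUsers locks you out just as effectively as an attacker would.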
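The last poster's fail2ban setup for SIP brute force rests on one detection rule: count failed REGISTER attempts per source address inside a time window and firewall the source once a threshold is crossed. The block below is an added example that implements that rule by hand, so the logic is visible; it is not code from the thread or from the fail2ban project. The log lines are constructed in the chan_sip NOTICE format of the Asterisk 1.4/1.6 era ("Registration from ... failed for '<ip>' - <reason>"), the addresses are RFC 5737 documentation ranges, the maxretry/findtime names mirror fail2ban's jail options, and the iptables command is only rendered as a string, never executed.

```python
"""Detect SIP REGISTER brute force in Asterisk log text and render firewall
rules for the offending sources. Added example; the log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Asterisk full-log lines (chan_sip NOTICE format, 1.4/1.6 era).
# 198.51.100.7 is a scanner walking extensions; 192.0.2.44 is a phone with a
# mistyped password that retries a couple of minutes later.
SAMPLE_LOG = """\
[Feb  8 13:29:20] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Feb  8 13:29:21] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Feb  8 13:29:21] NOTICE[2345] chan_sip.c: Registration from '"1001" <sip:1001@203.0.113.5>' failed for '192.0.2.44' - Wrong password
[Feb  8 13:29:22] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Feb  8 13:29:23] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[Feb  8 13:29:24] NOTICE[2345] chan_sip.c: Registration from '"104" <sip:104@203.0.113.5>' failed for '198.51.100.7' - Username/auth name mismatch
[Feb  8 13:31:00] NOTICE[2345] chan_sip.c: Registration from '"1001" <sip:1001@203.0.113.5>' failed for '192.0.2.44' - Wrong password
[Feb  8 13:45:00] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<user>[^']*)' failed for "
    r"'(?P<ip>\d{1,3}(?:\.\d{1,3}){3})' - (?P<reason>.*)$")


def parse_failures(log_text):
    """Yield (timestamp, ip, user, reason) for each failed registration line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Asterisk's default dateformat carries no year, so strptime yields
        # 1900. That is fine for a sliding window but not across New Year.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        yield ts, m.group("ip"), m.group("user"), m.group("reason")


def find_bans(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return [(ip, timestamp)] for each source that reached maxretry failed
    registrations inside a sliding findtime window, reported once per source.
    All three failure reasons count the same, as fail2ban's filter does."""
    window = defaultdict(deque)
    banned, bans = set(), []
    for ts, ip, _user, _reason in parse_failures(log_text):
        if ip in banned:
            continue
        q = window[ip]
        q.append(ts)
        while ts - q[0] > findtime:      # drop attempts older than the window
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
            bans.append((ip, ts))
    return bans


def iptables_rules(bans, chain="INPUT"):
    """Render one DROP rule per banned source. Strings only; run them from
    your firewall script, ideally on the firewall in front of the PBX."""
    return ["iptables -I %s -s %s -j DROP" % (chain, ip) for ip, _ in bans]


if __name__ == "__main__":
    bans = find_bans(SAMPLE_LOG)
    for ip, ts in bans:
        print("ban %s at %s" % (ip, ts.strftime("%H:%M:%S")))
    for rule in iptables_rules(bans):
        print(rule)
```

Two things the sample is built to show. First, maxretry and findtime decide who gets locked out: with the defaults only the scanner is banned, but with maxretry=2 the phone at 192.0.2.44 that retried after a minute and a half would be banned too, which is why the window matters as much as the count. Second, the reason text differs between "No matching peer found" and "Wrong password", so a scanner can tell a valid extension from an invalid one from the response; Asterisk's sip.conf setting alwaysauthreject=yes makes it reject both the same way, and long, non-numeric SIP user ids (as the poster suggests) make the guessing that remains far more expensive.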