[asterisk-biz] PBX got Hacked

BJ Weschke bweschke at gmail.com
Thu Feb 12 19:53:23 CST 2009


Trixter aka Bret McDanel wrote:
> On Thu, 2009-02-12 at 17:08 -0500, Jared Geiger wrote:
>   
>> I saw multiple attacks from OVH.NET IP addresses over the last few
>> weeks as well. I have used a few of the tips in this article to secure
>> PBXs before as well http://nerdvittles.com/?p=580
>> (fail2ban/IPTables). 
>>
>> For Switchvox the root account seems to have a key, not a password to
>> login. You can always boot in single user mode, create a new user and
>> add that user to the sudoers file then disable root from being able to
>> login via ssh.conf.
>>
>>     
> First let me say I have never used Switchvox, but if it's Linux based
> then the following should apply.
>
> Can you not just get a shell?  If you can, you shouldn't have to boot into
> single user mode unless they are doing chattr stuff to only allow
> editing of the password file on a secure runlevel, and it is rare that
> it's done. 
>
> /etc/passwd, /etc/shadow, /etc/group, /etc/sudoers are all just text
> files and it's easy to append a line for new users to those files, just
> as it's easy to use the useradd/adduser programs to add users.  sshd.conf
> is also a text file which requires sshd to restart to take effect but
> this usually does not drop connections already in process.  This can be
> as simple as /etc/init.d/sshd restart  or something similar.
>
>
>   
>> You should be able to then set up IPTables on Switchvox as well after
>> going in and creating the second account.
>>
>>     
>
> The problem is that you would need it to know to use sudo if it doesn't,
> I do not know if it's smart enough to say "you aren't root so let me sudo
> this command".  
>
>
>   
 All valid points, but don't forget what the whole objective of Switchvox is. While you might very well be able to do what you're suggesting above, you might also be voiding warranty/support when you also inadvertently but effectively lock out the Switchvox folks from being able to support you. If you never want support or interaction from Switchvox again, this might be a viable solution for you, but I don't get the impression that most people that buy Switchvox in the first place are looking for a "disconnected" relationship from them after the initial purchase.
 
 If Switchvox is recommending that you put their appliance behind a firewall and you choose not to, then that's like a plumber installing a shower and not caulking the gap between the floor and the wall when the manual has suggested that you do so. It may take a while for the water leaking through to develop into black mold, rot out the wood behind it, and other nice things like that, but it's probably only a matter of time before it actually happens.


 BJ

--
Bird's The Word Technologies, Inc.
http://www.btwtech.com/





