[asterisk-biz] PBX got Hacked

Steve Totaro stotaro at asteriskhelpdesk.com
Thu Feb 12 20:26:54 CST 2009


On Thu, Feb 12, 2009 at 8:53 PM, BJ Weschke <bweschke at gmail.com> wrote:

> Trixter aka Bret McDanel wrote:
> > On Thu, 2009-02-12 at 17:08 -0500, Jared Geiger wrote:
> >
> >> I saw multiple attacks from OVH.NET IP addresses over the last few
> >> weeks as well. I have used a few of the tips in this article to secure
> >> PBXs before as well http://nerdvittles.com/?p=580
> >> (fail2ban/IPTables).
> >>
> >> For switchvox the root account seems to have a key, not a password to
> >> login. You can always boot in single user mode, create a new user and
> >> add that user to the sudoers file then disable root from being able to
> >> login via ssh.conf.
> >>
> >>
> > First let me say I have never used switchvox, but if it's Linux based
> > then the following should apply.
> >
> > Can you not just get a shell?  If you can, you shouldn't have to boot into
> > single user mode unless they are doing chattr stuff to only allow
> > editing of the password file on a secure runlevel, and it is rare that
> > it's done.
> >
> > /etc/passwd, /etc/shadow, /etc/group, /etc/sudoers are all just text
> > files and it's easy to append a line for new users to those files, just
> > as it's easy to use the useradd/adduser programs to add users.  sshd.conf
> > is also a text file which requires sshd to restart to take effect but
> > this usually does not drop connections already in process.  This can be
> > as simple as /etc/init.d/sshd restart  or something similar.
> >
> >
> >
> >> You should be able to then setup IPTables on Switchvox as well after
> >> going in and creating the second account.
> >>
> >>
> >
> > The problem is that you would need it to know to use sudo if it doesn't,
> > I do not know if it's smart enough to say "you aren't root so let me sudo
> > this command".
> >
> >
> >
>  All valid points, but don't forget what the whole objective of Switchvox
> is. While you might very well be able to do what you're suggesting above,
> you might also be voiding warranty/support when you also inadvertently but
> effectively lock out the Switchvox folks from being able to support you. If
> you never want support or interaction from Switchvox again, this might be a
> viable solution for you, but I don't get the impression that most people
> that buy Switchvox in the first place are looking for a "disconnected"
> relationship from them after the initial purchase.
>
>  If Switchvox is recommending that you put their appliance behind a
> firewall and you choose not to, then that's like a plumber installing a
> shower and not caulking the gap between the floor and the wall when the
> manual has suggested that you do so. It may take a while for the water
> leaking through to develop into black mold, rot out the wood behind it, and
> other nice things like that, but it's probably only a matter of time before
> it actually happens.
>
>
>  BJ
>
> --
> Bird's The Word Technologies, Inc.
> http://www.btwtech.com/
>

Huh, what is this propaganda?  Black mold by locking down a Linux system?  I
call BS.

First, SwitchVox will not connect to your box unless you get past the
gatekeepers, AKA "Level 1 Techs Who Answer the Phone" who will keep you
jumping through hoops for weeks or even months, flatly telling you that they
"cannot access your box, they do not have the password".

Besides that, if your box is firewalled, then you have to grant them access,
that is if they grant you the favor to really support their product....

If you do get past the gatekeepers, then you are probably pretty tired of
SwitchVox by now and you have been suffering for weeks with a crippled
mission critical system.

During this hell hole of back and forth "Support", you have plenty of time
to do a SwitchVox backup and then re-install via installation media,
upgrade, and finally restore your backup.

I think it is more of a brushoff of "Unsupported" configurations, which means
you are to blame if you don't heed the warnings.

1.  Charge for support
2.  Don't provide support
3.  Profit

I think most experienced *nix administrators can handle their own IPTables,
OpenVPN, and whatever else.

-- 
Thanks,
Steve Totaro
+18887771888 (Toll Free)
+12409381212 (Cell)
+12024369784 (Skype)