Can't stop attacks.

jervin19801

Joined
Feb 9, 2010
Messages
3
Likes
0
Points
0
#1
Hello everybody!

Situation: 2 Elastix 2.0 systems, the first for calling out with a2billing, the second just for end users with FreePBX!

Account got hacked! Then I set up fail2ban on both systems and added a very strong password.
Account hacked again!!! Without a call log on the second system.
Is there some line to add to the trunk, like secure or type, to secure the trunk? Or where do they get the account details? Other users are without problems; the same account name was attacked 2 times.
There is just "chan_iax2.c: No registration for peer xxx" or something like this in the log for the second system. But I don't use IAX.

Thanks a lot if there is a solution! It costs so much :(
 

kingjm

Joined
Aug 5, 2010
Messages
29
Likes
0
Points
0
#2
Have you loaded apf, bfd, rootkit, fail2ban, root breach detector?
These are some good first steps. Make sure to change all default passwords.

Elastix Without Tears has a section on how to help lock down your system.
 

fmvillares

Joined
Sep 8, 2007
Messages
1,785
Likes
0
Points
0
#3
There are at least 20 or 20 ways... but you need to study and learn first... FIREWALLS,
IDS, IPS, ANTIROOTKITS, ASTERISK UPGRADED ALL THE TIME!!
I think you need to catch up with professional help this time: ask your Elastix or Digium certified solutions provider next to your location and pay for support.
 

glennbtn

Joined
Oct 13, 2009
Messages
29
Likes
0
Points
0
#4
I use a good password utilising pwgen in Linux. So from a terminal, pwgen -S 12 will give you some good passwords to use.

Set up iptables and only open the ports to the public for the calls, i.e. 5060, 10000-20000 etc.

Make sure fail2ban is set to a low enough fail rate in a short time. I use 3 fails in 300 seconds. I would rather a user call as they were blocked than hacked.

We have a number of PBXs running like this with very few problems.

Glenn
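
The "3 fails in 300 seconds" threshold from the post above, as an added example (not part of the original thread and not fail2ban's own code): a small Python check that counts failed SIP registrations per source IP in a sliding window. The chan_sip log line layout is an assumption, and the sample log lines, IPs and extensions are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAX_RETRY = 3    # failures needed to trigger a ban, as in the post
FIND_TIME = 300  # sliding window in seconds, as in the post

# chan_sip failed-registration line; layout assumed from Asterisk 1.x logs.
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - (?P<why>.+)$"
)

def hosts_to_ban(lines, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log (documentation IP ranges, made-up extensions).
SAMPLE_LOG = """\
[2010-08-05 10:00:01] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2010-08-05 10:00:03] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2010-08-05 10:00:04] VERBOSE[2301] logger.c:     -- Registered SIP '102' at 198.51.100.20 port 5060
[2010-08-05 10:00:06] NOTICE[2301] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2010-08-05 10:01:00] NOTICE[2301] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '198.51.100.44' - Wrong password
[2010-08-05 10:07:00] NOTICE[2301] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '198.51.100.44' - Wrong password
[2010-08-05 10:13:00] NOTICE[2301] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '198.51.100.44' - Wrong password
"""

if __name__ == "__main__":
    for ip, when in hosts_to_ban(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} (threshold crossed at {when})")
```

The second source in the sample spaces its attempts six minutes apart and stays under a 300-second window, which is why the window length matters as much as the retry count.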
 

fraggle4

Joined
Apr 22, 2009
Messages
98
Likes
0
Points
0
#5
If you installed fail2ban etc. after you got hacked, you may be locking the door after the baddy got inside. I would reinstall that pbx from scratch and implement the security features pre-deployment.

You should not have to open any firewall ports to the outside at all if your SIP trunks register OK. For remote extensions, use a VPN rather than opening ports. I see probes now and again to port 5060 and thereabouts, but they don't get past my firewall.

Plenty of advice on this topic on all the fora.
 
