Can't stop attacks.

Discussion in 'General' started by jervin19801, Mar 25, 2011.

  1. jervin19801

    Joined:
    Feb 9, 2010
    Messages:
    3
    Likes Received:
    0
    Hello everybody!

    Situation: 2 Elastix 2.0 systems, the first for calling out with a2billing, the second just for end users with FreePBX!

    Account got hacked! Then I set up fail2ban on both systems and added a very strong password.
    Account hacked again!!! Without a call log on the second system.
    Is there some line to add to the trunk, like secure or type, to secure the trunk?? Or where do they get the account details? Other users are without problems; the same account name was attacked 2 times.
    There is just "chan_iax2.c: No registration for peer xxx" or something like this in the log for the second system. But I don't use IAX.

    Thanks a lot if there is a solution! It costs so much :(
     
  2. kingjm

    Joined:
    Aug 5, 2010
    Messages:
    29
    Likes Received:
    0
    Have you loaded apf, bfd, rootkit, fail2ban, root breach detector?
    These are some good first steps. Make sure to all default passwords.

    Elastix Without Tears has a section on how to help lock down your system.
     
  3. fmvillares

    Joined:
    Sep 8, 2007
    Messages:
    1,785
    Likes Received:
    0
    There are at least 20 or 20 ways... but you need to study and learn first... FIREWALLS,
    IDS, IPS, ANTIROOTKITS, ASTERISK UPGRADED ALL THE TIME!!
    I think you need to catch up with professional help this time: ask your Elastix or Digium certified solutions provider next to your location and pay for support.
     
  4. glennbtn

    Joined:
    Oct 13, 2009
    Messages:
    29
    Likes Received:
    0
    I use a good password underutilising pwgen in Linux. So from the terminal, pwgen -S 12 will give you some good passwords to use.

    Set up iptables and only open the ports to the public for the calls, i.e. 5060, 10000-20000, etc.

    Make sure fail2ban is set to a low enough fail rate in a short time. I use 3 fails in 300 seconds. I would rather a user call as they were blocked than hacked.

    We have a number of PBXs running like this with very few problems.

    Glenn
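
The "3 fails in 300 seconds" threshold from the post above, as an added example that is not part of the original thread: a Python script that applies that sliding-window count to failed SIP registrations in an Asterisk log and reports which source addresses would be banned. The chan_sip log line format is an assumption, and the sample lines and all addresses in them are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAX_FAILS = 3         # threshold from the post: 3 fails ...
WINDOW_SECONDS = 300  # ... in 300 seconds

# Assumed format of a chan_sip failed-registration line; check it against
# your own Asterisk log before relying on it.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<user>[^']*)' failed for '(?P<ip>[\d.]+)(?::\d+)?'"
)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
[2011-03-25 10:00:01] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2011-03-25 10:00:03] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '203.0.113.50' - Wrong password
[2011-03-25 10:00:40] NOTICE[2101] chan_sip.c: Registration from '"105" <sip:105@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-03-25 10:01:10] NOTICE[2101] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '203.0.113.50' - No matching peer found
[2011-03-25 10:07:00] NOTICE[2101] chan_sip.c: Registration from '"105" <sip:105@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-03-25 10:14:00] NOTICE[2101] chan_sip.c: Registration from '"105" <sip:105@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2011-03-25 10:14:05] VERBOSE[2101] logger.c: unrelated line that must be ignored
"""

def find_offenders(lines, max_fails=MAX_FAILS, window=WINDOW_SECONDS):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned = {}
    for line in lines:
        m = FAILED_REG.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) >= max_fails and m["ip"] not in banned:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} crossed {MAX_FAILS} failures in {WINDOW_SECONDS}s at {when}")
```

In the sample, the address with three failures inside 70 seconds is flagged, while the user who mistypes a password three times over 14 minutes is not.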
     
  5. fraggle4

    Joined:
    Apr 22, 2009
    Messages:
    98
    Likes Received:
    0
    If you installed fail2ban etc. after you got hacked, you may be locking the door after the baddy got inside. I would reinstall that pbx from scratch and implement the security features pre-deployment.

    You should not have to open any firewall ports to the outside at all if your SIP trunks register OK. For remote extensions, use a VPN rather than opening ports. I see probes now and again to port 5060 and thereabouts, but they don't get past my firewall.

    Plenty of advice on this topic on all the fora.
     
