Elastix 2.0 rejecting SSH, HTTPS connections

Discussion in 'General' started by eNoisy, Feb 2, 2011.

  1. eNoisy

    Jul 24, 2010
I hope all the information I'm providing will be enough for someone to help me.

As I'm relatively new to using Linux, I was wondering if someone could help me identify whether there is any way (i.e. which are the correct logs to check) to see what happened to a remote Elastix 2.0 machine I'm looking after.

Initially it was rejecting SSH connections. It got to the state where it asked me for the root password; however, when I entered it (100% sure I was using the correct password), it replied with a message saying that the server was too busy to allow connections or was being restarted.
    I tried to access it through HTTPS, and that didn't work either; the website was not found.

Port forwarding was configured correctly, as I could access the machine before.

The system was not taking incoming PSTN calls (OpenVox A1200P); however, the users were able to make outgoing calls through a configured IAX trunk.

Now the system is up and running, as the user had to restart the machine the hard way (with the power button). I made tests and now it is accessible through HTTP and SSH, and they can receive PSTN calls.

    Thank you.
  2. dicko

    Oct 24, 2008
You have probably been compromised.

Check your /var/log/secure file for unwarranted intrusions.
    netstat and lsof will help you identify the "alien" processes running (sorry, no quick tutorial here, just the man pages).

Check the security forum for suggestions on how to install a firewall and change the sshd port. Don't put /tmp on a physical drive; use a RAM-based file system instead, or the penetration will usually be maintained over a reboot. Install rkhunter or something similar (if it's not too late :) ), and particularly check your cron jobs, especially anything in /tmp. The list goes on, but by default Elastix is intrinsically insecure, as are most Linux distributions.

    good luck
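The checks in the reply above (failed and accepted root logins in /var/log/secure, cron entries pointing at /tmp, then netstat/lsof on the live box) as an added POSIX shell triage script. This is not code from the thread or from the Elastix project; the log lines and crontab contents are constructed samples so it runs offline, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the forum post): a small triage helper for the checks
# dicko lists. It parses a /var/log/secure-style file for SSH password failures
# and accepted root logins by source address, and flags crontab lines that run
# anything under /tmp. The log and crontab contents below are constructed
# samples so the script runs offline; on a real Elastix box point the functions
# at /var/log/secure, /etc/crontab and the files under /var/spool/cron instead.

set -u

# Count failed SSH password attempts per source address, most frequent first.
# Output: one "count ip" pair per line.
secure_failed_by_ip() {
    grep 'Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# List source addresses that successfully authenticated as root with a password.
# An address that appears here and also tops the failure list is the signature
# of a brute-force attempt that eventually worked.
secure_accepted_root() {
    grep 'Accepted password for root' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort -u
}

# Print non-comment crontab lines that reference /tmp (persistence that
# survives a reboot unless /tmp is a RAM-backed filesystem).
cron_tmp_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep '/tmp'
}

# --- constructed sample input (not real log data) ---
SECURE_LOG=$(mktemp)
CRON_FILE=$(mktemp)
trap 'rm -f "$SECURE_LOG" "$CRON_FILE"' EXIT

cat > "$SECURE_LOG" <<'EOF'
Feb  1 03:12:40 pbx sshd[2314]: Failed password for root from 203.0.113.7 port 51234 ssh2
Feb  1 03:12:43 pbx sshd[2314]: Failed password for root from 203.0.113.7 port 51234 ssh2
Feb  1 03:12:47 pbx sshd[2316]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Feb  1 03:12:51 pbx sshd[2318]: Failed password for root from 203.0.113.7 port 51240 ssh2
Feb  1 03:13:02 pbx sshd[2320]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Feb  1 09:30:15 pbx sshd[2510]: Accepted password for root from 192.0.2.10 port 55010 ssh2
EOF

cat > "$CRON_FILE" <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * /tmp/update.sh >/dev/null 2>&1
EOF

echo "== failed SSH password attempts by source =="
secure_failed_by_ip "$SECURE_LOG"
echo "== addresses that obtained root by password =="
secure_accepted_root "$SECURE_LOG"
echo "== cron entries executing from /tmp =="
cron_tmp_entries "$CRON_FILE"

# On the live system, pair the log review with the process/socket view the
# post mentions (net-tools and lsof, both present on a stock Elastix install):
#   netstat -tulpen     # listening TCP/UDP sockets with owning PID and user
#   lsof -i -P -n       # open network files per process, no name resolution
```

Run it as-is to see the three sections on the sample data; against the real box, substitute the actual log and crontab paths and look for a source address that appears in both the failure list and the accepted-root list, which is the brute-force pattern this kind of log review is meant to surface. The RAM-backed /tmp the post recommends is an /etc/fstab line of the form `tmpfs /tmp tmpfs defaults,noexec,nosuid,nodev 0 0`; the `noexec` flag is what stops a dropped script in /tmp from being executed directly, though a cron line that runs it through an interpreter (`sh /tmp/x`) still needs to be caught by the crontab check above.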


