Discussion in 'General' started by bobmats, Feb 17, 2011.

  1. bobmats

    Aug 12, 2010
    Seems like someone was able to get access to my Elastix box, which runs on a VPS.

    The box itself was not used to make calls, but the access codes to some trunks were used. This happened twice now in 10 days' time. After the first time all passwords were changed, but still 2 days ago I saw misuse.

    Since I only use prepaid, the amount is not huge, but still it costs me money.

    Fail2ban has been installed by the provider.
    My only concern is that the standard MySQL password used by Elastix is still in place. How can I change this?

    I am still on version 2.0.0 and in another thread I asked how I can update to a newer version 2.0.x as this might help to close some gaps there might be.

    Otherwise I don't know what to do, or can I get paid support from someone to look into the box and make it more secure?
  2. dicko

    Oct 24, 2008
    Fail2ban will only work if the Asterisk jail is added to the default setup.

    By default only root@localhost has access to MySQL; if they used that then they must have gained root login, which is a far bigger problem.

    I suggest you browse the Security forum here for a number of suggestions as to what services should be allowed from outside and why. A default FreePBX box is generally easily penetrated at https://<your-ip>/admin with "well known" accounts, my guess is this is where your security problem is.

    Ultimately you will need a properly configured firewall. I suggest CSF to control iptables and only allow the minimum address space into your box; others suggest other methods. It doesn't matter what you use as long as you use something effective.
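
Added example, not part of the thread and not Fail2ban's own filter: a small Python check that shows what an Asterisk jail looks for, by counting failed SIP registrations per source address inside a sliding window. The log lines are constructed samples in the chan_sip NOTICE format with documentation-range addresses, and the `maxretry`/`findtime` values are illustrative assumptions named after Fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from a real system); IPs are documentation ranges.
SAMPLE_LOG = """\
[2011-02-17 03:10:01] NOTICE[2231] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2011-02-17 03:10:02] NOTICE[2231] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2011-02-17 03:10:04] NOTICE[2231] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password
[2011-02-17 03:10:05] NOTICE[2231] chan_sip.c: Registration from '"104" <sip:104@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2011-02-17 08:00:00] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '198.51.100.20' - Wrong password
[2011-02-17 08:01:10] NOTICE[2231] chan_sip.c: Peer '201' is now Reachable. (23ms / 2000ms)
[2011-02-17 08:45:00] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '198.51.100.20' - Wrong password
[2011-02-17 09:30:00] NOTICE[2231] chan_sip.c: Registration from '"201" <sip:201@192.0.2.10>' failed for '198.51.100.20' - Wrong password
"""

# Failed-registration notice; the source address may carry an optional ":port".
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found)"
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: peak failures in window} for IPs reaching maxretry within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # reachability notices and other lines are ignored
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        window = recent[m.group("ip")]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            ip = m.group("ip")
            offenders[ip] = max(offenders.get(ip, 0), len(window))
    return offenders

if __name__ == "__main__":
    for ip, count in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed registrations within the window")
```

The address that tries several extensions in a few seconds is flagged, while the one with occasional failures spread over hours is not.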

