Hacked?

bobmats

Joined
Aug 12, 2010
Messages
5
Likes
0
Points
0
#1
Seems like someone was able to get access to my Elastix box, which runs on a VPS.

The box itself was not used to make calls, but the access codes to some trunks were used. This has happened twice now in 10 days' time. After the first time all passwords were changed, but still 2 days ago I saw misuse.

Since I only use prepaid the amount is not huge, but still it costs me money.

Fail2ban has been installed by the provider.
My only concern is that the standard MySQL password used by Elastix is still in place. How can I change this?

I am still on version 2.0.0 and in another thread I asked how I can update to a newer version 2.0.x as this might help to close some gaps there might be.

Otherwise I don't know what to do, or can I get paid support for someone to look into the box and make it more secure?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#2
Fail2ban will only work if the Asterisk jail is added to the default setup.

By default only root@localhost has access to MySQL; if they used that then they must have gained root login, which is a far bigger problem.

I suggest you browse the Security forum here for a number of suggestions as to what services should be allowed from outside and why. A default FreePBX box is generally easily penetrated at https://<your-ip>/admin with "well known" accounts; my guess is this is where your security problem is.

Ultimately you will need a properly configured firewall. I suggest CSF to control iptables and only allow the minimum address space into your box. Others suggest other methods; it doesn't matter what you use as long as you use something effective.
 
