[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Asterisk Hacked

Posted on 2014-07-15
2
Medium Priority
?
407 Views
Last Modified: 2015-03-23
They have a problem with our Asterisk server, we hacked the Elastix administrator account and created an extension and they made ​​calls to Cuba.

I need help to improve security beyond Good Practices for Protection Against PBX Security

http://www.xorcom.com/files/techdocs/app-note-good-practices-for-protection-against-pbx-security-threats.pdf
0
Comment
Question by:WebserviceMX
2 Comments
 
LVL 15

Expert Comment

by:Phonebuff
ID: 40199195
So, if you have been hacked then you should rebuild by hand from bare metal --

Your Firewall should prevent anyone outside your facility from accessing the GUIs.

See some of the notes on the PBXinaFlash forum on security and the use of IPTables.

======================
0
 
LVL 1

Accepted Solution

by:
Dwibendu Moharana earned 1500 total points
ID: 40258731
Now a Days A lot of hacking attacks is going on using some script call mgtest.

using the vtiger backdoor they are inserting code in to elastix server and making international call.

You Can Use CSF(Central Security Firewall) A software based firewall to prevent anonymous attacks through public ip.

http://www.liquidweb.com/kb/csf-config-server-firewall-installation/

Also Need to Block Port 80 and 5060 via public ip.

Enable a anti-hack addons or Fail2ban in elastix it will send a mail if any one try to access you system.

in sip.conf make allowguest=no

In Elastix Turn off anonymous call advance settings.

Also You Can Refer To This link

http://automation.binarysage.net/?p=175
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses
Course of the Month20 days, 12 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question