SYSTEM HACKED 1 Year, 10 Months ago
Karma: 0
My system sits on a private network behind a Cisco router with a public IP. Yet I was still the victim of hacking. A hacker took over one of my extensions and made a massive number of calls over the past three days, depleting all my credit with my VoIP provider.
Is there a command I can run to find the IPs where these calls came from? Any extra advice on how to totally lock down the server would be appreciated.
Thanks

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 130
Hi.
You could protect yourself with iptables and fail2ban.
There are lots of posts about that on this forum.
Try looking at the Asterisk logs: /var/log/asterisk/full
Good luck
Regards.
Franck Danard - franckd@agmp.org
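As an added example (not part of the original posts), this Python script answers the question of which IPs were involved by summarising registration activity from /var/log/asterisk/full: failed attempts per source IP, and extensions that registered from outside the LAN. The chan_sip message formats, the 192.168.1.0/24 LAN range and the sample lines are assumptions; adjust them to your Asterisk version and network.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed chan_sip message formats; wording differs between Asterisk
# versions, so check these patterns against your own log first.
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"Registration from '.*' failed for '" + IP + r"(?::\d+)?'")
REGISTERED = re.compile(r"Registered SIP '(?P<ext>[^']+)' at " + IP + r"(?: port |:)\d+")


def summarise(lines, lan="192.168.1.0/24"):
    """Return (failed registrations per IP, {extension: off-LAN IPs that registered})."""
    lan_net = ipaddress.ip_network(lan)  # assumed LAN range; pass your own
    failed, off_lan = Counter(), defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            failed[m.group("ip")] += 1
            continue
        m = REGISTERED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:  # digits that do not form a valid IPv4 address
            continue
        if addr not in lan_net:
            off_lan[m.group("ext")].add(str(addr))
    return failed, dict(off_lan)


# Constructed sample lines (documentation IP ranges), not real log data.
BAD = ("[2012-06-10 02:14:0{}] NOTICE[2841] chan_sip.c: Registration from "
       "'\"101\" <sip:101@203.0.113.10>' failed for '198.51.100.23' - Wrong password")
SAMPLE = [BAD.format(i) for i in range(3)] + [
    "[2012-06-10 02:14:09] VERBOSE[2841] chan_sip.c:     -- Registered SIP '101' at 198.51.100.23 port 5060",
    "[2012-06-10 08:30:00] VERBOSE[2841] chan_sip.c:     -- Registered SIP '102' at 192.168.1.50 port 5060",
    "[2012-06-10 09:01:12] NOTICE[2841] chan_sip.c: Registration from "
    "'\"admin\" <sip:admin@203.0.113.10>' failed for '203.0.113.77' - No matching peer found",
]

if __name__ == "__main__":
    # On a real system: summarise(open("/var/log/asterisk/full", errors="replace"))
    failed, off_lan = summarise(SAMPLE)
    for ip, count in failed.most_common():
        print(f"{count:5d} failed registrations from {ip}")
    for ext, ips in sorted(off_lan.items()):
        print(f"extension {ext} registered from outside the LAN: {', '.join(sorted(ips))}")
```

An extension that appears in the second list after a run of failures from the same address is the one whose password should be treated as known to the attacker.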
Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 33
Were your extensions using easy passwords?
Did you not limit your extensions to only LAN registration?
I would suggest that you read the security forum and all the good advice that is written in detail there. As Franck wrote, the minimum for every system:
- use real passwords for extensions
- use permit/deny adapted to each extension's use
- install fail2ban
- change all passwords (freepbx, elastix, mysql, fop, manager, ....)
You can add some others, like:
- use prepaid on your trunk provider to limit your losses in case of a hack
You will find some really good articles on all these issues.

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 0
I will try these methods immediately.
Also, is there a tool that can encrypt extension passwords? Passwords are written in plain text, then converted to hexadecimal.

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 130
Like md5sum
Yes, of course, you could use the encoded digest md5.
Example:
Code:
echo -n "100:asterisk:passwd" | md5sum
Regards
Franck Danard - franckd@agmp.org

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 0
danardf wrote:
Like md5sum 
Yes, of course, you could use the encoded digest md5.
Example:
Code:
echo -n "100:asterisk:passwd" | md5sum
Regards

Is there any other software that can be downloaded and used to encrypt passwords?

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 130
Hmmm. I don't know.
I always use this to encrypt the password.
Maybe, yes.
Franck Danard - franckd@agmp.org

Re:SYSTEM HACKED 1 Year, 10 Months ago
Karma: 156
Hello Franck
How are you? Argentina or Brazil? For me it's Brazil.
My opinion is if you need to protect your passwords with md5 (which is a good idea but not easily supported in FreePBX) then you have assumed that your system can be compromised, i.e. they have access to your sip*.conf files.
This is not acceptable, and jmorrison26 MUST change ALL authorities he uses, with the extensions and the providers. Setting every extension to use md5auth will be a real PITA in FreePBX and every extension he adds. I suggest a complete RESET: assume it is totally fucked up and just redo it with careful consideration and reasonable security (use strong Eff$%%^^YF passwords), add fail2ban, CSF, rkhunter . . . whatever floats your boat.
JM2CWAE
dicko
There are other solutions!!