We have about 20 hosted freepbx distros running.
I also use htaccess to allow only Dutch IP addresses for the web interface.
Now we have strange outbound calls (a lot) on 3 older systems with Asterisk <=1.8.9
and one Elastix with Asterisk 1.6.x.
I cannot find out why only on these systems. The only thing they had in common was that they had a fop1 panel (now disabled). Also all “allow guest sip” is turned off.
What could be the reason that the newer distros with FreePBX 2.10 are not under attack?
I can only point out the older asterisk versions in combination with the old fop.
I am now looking for a script to allow only Dutch IP addresses to register in sip device (I think that is the best solution), unless you may have some tips.
Do you have iptables and/or fail2ban running on the old systems? If not, you could look at setting up some iptables rules to only allow port 5060/UDP access from the ranges of Dutch IP addresses and use fail2ban to prevent repeated hacking attempts. There is a lot of discussion on the PBX in a Flash forums on iptables setup and fail2ban as they are pretty hot on Asterisk/FreePBX security over there.
I adjusted a script from nerdvittles [http://nerdvittles.com/?p=639] with Dutch IP addresses in MySQL and it checks every minute or 5 minutes if a device is registered with a Dutch IP; if not, then it will add a deny rule in iptables and send you an email for info.
All automated through cronjob.
A quite easy click and play script with very little overhead needed.
If interested, I can mail the script with a manual.
A complete easy alternative solution I cannot find. A lot of discussions, but no easy solutions.
The strange thing is that the old PBXs are set up the same as the new ones with iptables and fail2ban. Now I updated one PBX to a new Distro with Asterisk 1.8.18 and the hacking stopped. All passwords and settings are still the same.
Yes that is correct.
As another security measure I set outbound channels from 0 to 2 channels on the trunk and devices.
Also calls could not be made because of an RTP retransmission error.
As we are also a VoIP provider with a billing platform, I saw a lot of calls made from these older FreePBX distros, that is why I started to look further.
I know that security issue, you nicely noticed this in the updates overview.
But as I can see that was to crash some stuff.
For now nobody from countries other than the Netherlands can call out with my new little script. And if they do, they get permanently blocked after a minute.
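
A sketch of the check described in the thread (list registered SIP peers, compare each address with an allow-list, emit an iptables deny rule for anything outside it), added here as an example and not the poster's script. The allowed ranges, the sample `sip show peers` output and all function names are assumptions; the documentation ranges stand in for real Dutch allocations.

```python
import ipaddress

# Assumption: documentation ranges stand in for the real Dutch allocations,
# which the script described above kept in MySQL.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample of `asterisk -rx "sip show peers"` output (1.8-style columns).
SAMPLE = """\
Name/username              Host                 Dyn Forcerport ACL Port     Status
101/101                    192.0.2.15            D   N             5060     OK (23 ms)
102/102                    203.0.113.77          D   N             5060     OK (180 ms)
103/103                    (Unspecified)         D   N             0        UNKNOWN
104/104                    203.0.113.77          D   N             5062     OK (175 ms)
trunk-out/provider         198.51.100.9              N             5060     OK (12 ms)
5 sip peers [Monitored: 4 online, 1 offline Unmonitored: 0 online, 0 offline]
"""


def registered_peers(text):
    """Return (peer name, IPv4 address) for every peer that has an address."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            peers.append((fields[0], ipaddress.IPv4Address(fields[1])))
        except ValueError:
            # Header, summary line, or an unregistered "(Unspecified)" peer.
            continue
    return peers


def offenders(peers, allowed=ALLOWED_NETS):
    """Peers registered from an address outside every allowed network."""
    return [(name, ip) for name, ip in peers
            if not any(ip in net for net in allowed)]


def deny_rules(bad_peers):
    """One iptables DROP rule per distinct source address, SIP signalling only."""
    rules = []
    for ip in sorted({ip for _, ip in bad_peers}):
        rules.append(["iptables", "-I", "INPUT", "-s", str(ip),
                      "-p", "udp", "--dport", "5060", "-j", "DROP"])
    return rules


if __name__ == "__main__":
    bad = offenders(registered_peers(SAMPLE))
    for name, ip in bad:
        print(f"ALERT: {name} registered from {ip}")
    for rule in deny_rules(bad):
        print(" ".join(rule))  # a cron job would run this via subprocess.run(rule)
```

A registration from outside the allow-list means the device's SIP secret is already known to the caller, so the password should be changed as well as the source blocked.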