Yesterday we had a hack attempt on our Asterisk servers. Unfortunately it succeeded, lots of outgoing calls to Korea, China etc. (just saw the phone bill and can’t laugh anymore).
I still don’t know how this was possible?
FreePBX is installed following the instructions on this site.
We have a hardware firewall (Cisco)
SSH is blocked
passwords were strong
allowguest is set to no
alwaysauthreject is set to yes
What can I do to prevent this? Since our customers do not have a fixed IP I cannot exclude on IP. I cannot edit my dialplans since they (the hacker) made their own in freepbx. I cannot set calender control since we handle calls 24/7…
I really don’t know what options I have left so any advice is welcome.
Well we made it possible for end users to access the recording page and for managers to access admin page (very limited rights).
We have now chosen to only open the recordings page via port 80 and create a VPN for the admin page. But perhaps we could do it for both pages… have to look at this… Thanks!
hi you know I read this post (sorry u got hacked) and one thing caught my eye. The part about leaving port 80 open to access recordings. I don’t have any “customers” but just use my pbx for personal use, however I do want/would like to be able to access my recordings portal from outside the LAN. (as of now this is not possible due to my firewall).
I wonder, is it possible to set up another machine (either physical or a virtual machine perhaps on the same hardware as freepbx) that is used solely for safe access to the voicemail/recordings portal? e.g. different passwords, no other services running on it just basically a LAMP server that points to the PBX in a secure way (whitelisted IP or something).
I don’t even know for sure if this is “safer” than having the recordings portal exposed on the pbx itself (perhaps not on port 80, for example)
would like to hear more comments on this if anyone has done this or if there are better methods for secure access outside of the lan.