Our FreePBX server is being hacked

Hi,

During the past few days, I’ve been seeing that somebody has been able to hijack one of our extensions, added dial patterns, and tried to dial several numbers in Israel. Since our system, which is a FreePBX 2.5.2.4, has been hacked, I changed the password for the extensions and the default Asterisk password. We have set up our Asterisk server so that no one can do a remote console.

Our server is outside of the firewall. I was wondering how the hacker can penetrate our FreePBX server.

I was thinking of changing the MySQL password also.

Any recommendations and explanation would be appreciated.

Thanks,

Manny

Suggestion - Place the firewall in front of the server, not behind it. It works much better that way.

Never ever place any server outside the firewall and keep the firewall as tight as possible. If you do not need external people from random IPs connecting, lock down 5060 and the RTP ports to only allow communication from your trunk providers. There are a ton of script kiddies around (mainly Ukraine and Czech Republic) scanning for port 5060 being open…

Also: iptables needs to be set and activated as well, but you still need the firewall.
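
The lockdown suggested in the replies above, as an added example that is not part of the original thread: a shell function that prints a default-drop iptables ruleset admitting SIP and RTP only from named trunk providers. The port numbers, the SSH management rule, the function names and the documentation-range addresses are assumptions, not details from the posters.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset: default-drop inbound, SIP/RTP from trunks only.
# Assumptions (not from the thread): SIP on UDP 5060, RTP on UDP 10000-20000
# (Asterisk's rtp.conf default), SSH allowed from one management address.
# List the provider's media (RTP) addresses too if they differ from signalling.

is_ipv4() {
    # Dotted quad with optional /prefix, every octet <= 255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(echo "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: sip_lockdown_rules MGMT_IP TRUNK_IP [TRUNK_IP...]
sip_lockdown_rules() {
    [ "$#" -ge 2 ] || { echo "need a management IP and at least one trunk IP" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
        # A wildcard source would reopen the ports to every scanner.
        case "$ip" in 0.0.0.0*|*/0) echo "refusing any-source entry: $ip" >&2; return 1 ;; esac
    done
    mgmt="$1"; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to traffic the PBX itself started (e.g. outbound registrations).
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -s $mgmt -p tcp --dport 22 -j ACCEPT"
    for ip in "$@"; do
        echo "-A INPUT -s $ip -p udp --dport 5060 -j ACCEPT"
        echo "-A INPUT -s $ip -p udp --dport 10000:20000 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed example (documentation-range addresses), checked without loading:
#   sip_lockdown_rules 198.51.100.5 203.0.113.10 | iptables-restore --test
```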