Trixbox getting hacked
In the process of launching that update, the system was hacked. We were hooked up to land lines, and they were able to use those for a night, those have since been disabled.
I was running freepbx 2. If you are not familiar with IP security I would suggest you engage someone who is. This system was installed and built several years back.
I program everything through freepbx though. Now that you are compromised it is going to be best to wipe and start over on a newer currently supported distro, as you really have no way of knowing what has been changed or how deep the compromise is.
If you are still running trixbox you are asking for trouble. Download the latest FreePBX distro and install everything from scratch. Once the system is up the first thing you do is set up your iptables firewall. This will only allow SIP calls from registered trunks.
Another option is to outsource the whole system and just register your extensions with a FreePBX provider. Not even they have the time and energy to go through hundreds of thousands of lines of code.
Anyways why am I saying this? I am a developer. Do I not trust in my own project? However there are a couple of things working against FreePBX. You need to update your freepbx…Changing password will not solve. I went through exactly your path…Take a look at how to upgrade freepbx distro. Just follow the steps. Anyway, I was one of the largest advocates of VPN in day. You just login to your VPN site from your browser and boom you are in to any web app you need. I know TWC has moved to an out of band management network.
Set the SSHD options to not allow root login and very short timeout. Fail2ban will kill you after 3 tries. One more tip. You can add your Putty proxy without screwing up access for whole WIN box. Will I see you this week at Astricon? I am glad that quite a few people have tried to help to overwhelm this issue, however I still think that it is not to do with my server box because there is also a2billing installed on the same server and the hacker has not been able to touch my a2billing at all and this makes me think that this little hacker has possibly got access to the freepbx update files and things and he can get access to the freepbx web interface or the asterisk database and he can do what he wants to do but what has been upsetting to me the most is that he always uses the same username and I am not able to change it even from the command line by going into the MySQL database.
I hope you experts can tackle this hacker because it is clear that it is to do with FreePBX and not anything else. You have compromised files on your system still. Our security checker would tell you that. However it is not foolproof. You can blame freepbx all day long but the fact remains if you kept your system up to date you would not be running into these issues.
You will most likely have to reinstall at this point. Strangely you keep acting as though the freepbx team has not solved this issue. But we have. Two weeks ago. Then I spent another 1 day to figure out why my fail2ban is not banning.
I believe fail2ban was modified by the exploited as well. Notice my fail2ban was not banning sip wrong password attempts.