FreePBX Security

There is a security hole in FreePBX < 13.0.188. FreePBX is vulnerable to remote command execution due to insufficient sanitization of user input fields.

For more details, check out this link:

https://www.exploit-db.com/exploits/40434/

It’s important to keep your FreePBX secure. Once a hacker gets access to your system, they can make thousands of dollars of calls to expensive areas all over the world. FreePBX is free software, but it comes with a lot of responsibility. We see a lot of people get attracted to free software, but they don’t spend enough thought on learning the software and almost no time on how to keep it secure.

If you don’t have enough expertise and you are a small company, please do yourself a favor and consider using a hosted phone service.

Check out SIP Trunking Pricing for FreePBX.

Secure your VoIP

No network is immune to malicious attack. Just think about the I Love You virus and the Millennium bug, which wiped out several millions’ worth of data all around the globe. Your VoIP system can likewise be greatly damaged by viruses, phishing attacks, and malware, to name a few.

But that doesn’t mean you cannot do something about them. You have the power to greatly reduce the chances of these attacks by considering the following factors:

 

1. Reliable VoIP provider

One of your best lines of defense will be your own VoIP service provider. It’s critical to deal with a company that is not only popular but also dependable and supportive. They should already have the infrastructure, backup plan, and security applications ready.

 

2. Security features

Up-to-date anti-virus and firewall programs can do wonders to protect your system, as well as your VoIP network, from hacks and other types of attacks.

 

3. Common sense

Phishers sometimes tap into your number and call you for all sorts of reasons, such as pretending to be your bank or credit card issuer, just to obtain your personal details. If the call sounds suspicious, give your real bank or credit card company a call and inquire.

 

4. Alertness

If you think someone has tapped into your system without your permission, if you encounter problems that you have never met before, or if you are receiving anonymous calls, report them to your VoIP provider immediately.

 

VoIP Security Threats

VoIP isn’t immune to several security threats, especially now that scammers and phishers have several ways to capitalize on the technology. Nevertheless, knowing what these potential attacks are will make you more alert and responsible in using the system.

DoS Dodging

This is considered to be the most serious, and thus the most dangerous, malicious VoIP attack. It can stop your IP handset from working, cause the server to crash, and severely slow down your productivity. Worse, it leaves your entire network compromised.

This threat is difficult to address immediately since hackers usually employ a very slow approach. But you can greatly reduce the risk and prevent it from affecting a large part of your network by downloading, installing, and updating your firewall and anti-virus software.

Vishing

This is the abbreviated form of VoIP phishing. Phishers can tap into your network and send you a message via voice synthesis. Sometimes the caller spoofs numbers, so you’ll be led to believe that it’s a legitimate call. The “call” may be from a credit card company, lender, or bank; the bottom line is, if you’re not careful, you’ll share critical personal information such as your bank accounts, credit cards, name, and address.

To reduce your exposure to vishing, don’t call the number the phisher often leaves. Instead, dial the valid telephone numbers of the companies they claim to be a part of and inquire about the details of the call.

SPIT

SPIT is spam over IP telephony. Though this isn’t as popular as DoS or vishing, it can be a prelude to any of the threats mentioned above. Fortunately, since e-mail anti-spam applications won’t work on SPIT, companies such as NEC have developed VoIP-specific tools like VoIP Seal.

 

Is your Asterisk system under heavy attack?

This week one of our customers was attacked by more than 10000 unique IPs. These hackers try to register on your system using some random username and an easy-to-crack password. A few weeks back I wrote a few tips on securing your Asterisk servers.
https://www.didforsale.com/blog/?p=185

Even if you took all the steps to secure your Asterisk, you still don’t want these attackers to flood your system with dummy registration requests. You can easily block this flooding traffic with iptables and an easy-to-implement shell script. iptables filters IP traffic and provides high-level packet filtering. Use the shell script below, set up a cron job, and have a good night’s sleep. The script will automatically block the IPs flooding your Asterisk system with failed registration requests.

Monitor Asterisk’s Log for Failed Registrations

In most cases of a SIP flood attack, the host tries to register on your Asterisk. All the failed attempts from these hosts are identified in the Asterisk log (/var/log/messages, or /var/log/full if you are using an Asterisk-based PBX) as “No matching peer found.” The following script scans /var/log/full for these patterns, extracts the attacker’s IP address, and blocks it.

The script reads the log file and uses iptables to block any further attempts. While reading the log file it always sets a check-in and a check-out flag, so that next time it can start from the last check-out position.

Copy the code and save it as /usr/local/bin/check_sip_attack, then make it executable:
chmod 755 /usr/local/bin/check_sip_attack
#########Start from Next line  ##########

#!/bin/bash
# Script donated by www.didforsale.com
# Blocks hosts whose failed SIP registrations appear in the Asterisk log.
# crontab -l
# Make an entry in crontab:
# 01-59/2 * * * * /usr/local/bin/check_sip_attack

PATH=${PATH}:/usr/sbin
BINDIR=$(dirname "$0"); echo "$BINDIR" | grep "^/" > /dev/null || BINDIR=$(pwd)/$(dirname "$0")
arch="$(uname -m)$(uname -s)"
mach="$(hostname)"

# echo "BINDIR= " ${BINDIR}
cd /var/log/asterisk || exit 1
log="full"
if [ ! -r "${log}" ]; then
    printf "could not read error file (%s)\n" "${log}"
else
    # Line numbers of the last check-in (start) and check-out (stop) markers
    start="$(grep -n -e "CRON: start" "${log}" | tail -n 1 | sed "s/:/ /g" | awk '{print $1}')"
    stop="$(grep -n -e "CRON: stop" "${log}" | tail -n 1 | sed "s/:/ /g" | awk '{print $1}')"
    if [ "$start" = "" ]; then start=0; fi
    if [ "$stop" = "" ]; then stop=0; fi
    if [ "$start" -le "$stop" ]; then
        # Failed registrations logged since the last check-out marker
        error="$(tail -n +"${stop}" "${log}" | grep -i "Registration" | grep -i "Failed")"
        if [ -n "$error" ]; then
            printf "\n\nCRON: start -- sending info -- %s\n\n" "$(date)" >> "${log}"
            # wc -l counts newlines and $error has no trailing one, so this is
            # (matching lines - 1): a single failed registration is not acted on
            ccc=$(printf "%s" "$error" | wc -l | awk '{print $1}')
            if [ "$ccc" -gt 0 ]; then
                printf "EXCERPT FROM ASTERISK LOG FILE %s:\n\n%s\n\nDONE.\n\n" "${log}" "$error"
                # Field 11 of the log line is the quoted source address; the list is
                # piped straight through instead of going via a fixed file in /tmp
                for ip in $(printf "%s\n" "$error" | awk '{print $11}' | sort | uniq | sed "s/'//g"); do
                    echo "iptables -I INPUT -s $ip -j DROP"
                    /sbin/iptables -I INPUT -s "$ip" -j DROP
                done
            fi
            printf "\n\nCRON: stop -- info sent -- %s\n\n" "$(date)" >> "${log}"
        fi
    fi
fi

exit 0

# end
#########Stop here ##########

The final step is to schedule the script with cron. Add this line to the crontab:

01-59/2 * * * * /usr/local/bin/check_sip_attack
This will run the script every two minutes (of course you can change the timing), and you can have a good night’s sleep.
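
A more defensive version of the address-selection step, as an added example that is not part of the original script: it anchors on the end of the log line instead of field 11, accepts only a well-formed IPv4 address (dropping an optional :port), requires several failures, and skips an allowlist. THRESHOLD, ALLOWLIST, APPLY and the sample log lines are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example, not the original script: choose addresses to block from
# Asterisk "Registration ... failed" lines without trusting field positions.
THRESHOLD=${THRESHOLD:-3}           # assumed: failures required before blocking
ALLOWLIST=${ALLOWLIST:-192.0.2.10}  # assumed: space-separated, never blocked

# Reads log lines on stdin; prints each offending IPv4 address once, sorted.
extract_attackers() {
    # Anchor on the end of the line: the From header earlier in the line is
    # caller-supplied text, so counting fields (awk $11) is unreliable.
    sed -n -E "s/.*Registration from .* failed for '([0-9.]+)(:[0-9]+)?' - [^']*\$/\1/p" |
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            # Strict IPv4: exactly four octets of 1-3 digits, each 0-255
            if (split($0, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) next
            if (!($0 in skip)) hits[$0]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }' | sort
}

# Prints the rule for each address on stdin; applies it only when APPLY=1.
block_attackers() {
    while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
        [ "${APPLY:-0}" = "1" ] || continue
        # -C checks for an existing rule, so repeated cron runs add no duplicates
        /sbin/iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
            /sbin/iptables -I INPUT -s "$ip" -j DROP
    done
}

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG=$(cat <<'EOF'
[2016-10-01 03:12:45] NOTICE[2301] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2016-10-01 03:12:46] NOTICE[2301] chan_sip.c: Registration from '"John Smith" <sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2016-10-01 03:12:47] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.7:5060' - Wrong password
[2016-10-01 03:13:02] NOTICE[2301] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '203.0.113.9' - Wrong password
[2016-10-01 03:13:05] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2016-10-01 03:13:06] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2016-10-01 03:13:07] NOTICE[2301] chan_sip.c: Registration from '"300" <sip:300@203.0.113.5>' failed for '192.0.2.10' - Wrong password
EOF
)
printf '%s\n' "$SAMPLE_LOG" | extract_attackers | block_attackers
```

In the second sample line the display name contains a space, so field 11 would be the word "for" rather than an address; the end-anchored match still returns 198.51.100.7. Put your own management and trunk provider addresses in ALLOWLIST before setting APPLY=1.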

Any questions or comments are very welcome.

www.didforsale.com