provided by Star2Billing S.L.

First I go to explaine very clear .-

Areski make and work in a2billing and make one great job but how I means and also asiby adn others . Is possibel solve many vulnerabilities in a2billing with one simple line code.

if hi not make by now. you understand is not my problem.

About LEGAL CRIMINAL ACTIONS:

1.- I go to complain every time in court if I get probe of hacking and in this I go to invest in one International Lawyer . For take the folks and pay for any possible damage and cost.

2.- Chmod not solve one silly change one user with one script. I think you need more information ABout hacking. There many system for hack and f*ck any server also behind firewalls. If you not belive ask to MICROSOFT
This people have very bad experience every year.-

4.- The problem of the hacker really is more and more big this years
http://afgen.com/terrorism1.html
http://www.informationweek.com/news/int ... =205901631

a) England is one country for political reasons is first point for hackers.-

We look really with many Consultant time before how solve the security problems in A2billing and all means "A2biolling have a complicated code and need to REBUILD big part of this"

This means we need to invest more money and time to private company's with not have any security go to solve.



I think many company's also by here go to put Money in this project with this conditions.

This is our common goals and we are making our best to improve this soft!
I will contact you offline to collect maximum information!

Rgds, Areski

I reckon the comprehension of the language corrensponds to your ease of expression.




( eat this, babelfish!)

This is good to know; I make no claim to be an expert on web-application security but I was under the impression a properly configured server is not susceptible to these exploits. I always use the Suhosin patch for PHP, which guards against many common attack vectors. I disallow SSH password authentication, relying on keys alone to get access. Every account with shell access gets a different strong password (via 'passook -p1'), and no passwords are ever left at defaults. I use directives in the Apache vhost definition to require an additional authentication (by IP, or user/pass) on the Admin UI. I wouldn't dream of running Asterisk or Apache as root (like trixbox, last time I checked!), issuing insane chmods, or installing anything not directly related to A2B. I run no firewall, but the only sockets listening on the public IP are for SSH, Apache and Asterisk. I upgrade all known vulnerable services the same day the disclosure and fix workaround/fix are made available to the public.
I thought I was secure, but some of the posts in this thread have sown the seed of doubt. I shan't be sleeping as soundly tonight... unless someone can reassure me that I've not missed something important?
Really?! Would you care to elucidate a little?

I'm having a real hard time understanding what's being said here. However, given the number of installations of A2B worldwide, I would have thought people would have been shouting about this along time ago if there were serious security holes. That doesn't mean there are any though.

Regards

Look the law is not seam in all the countrys in europe.

In SPAIn only try to hack one server is a CRIME.
In UK you need to broke the Security

In spain only for try i get you in court and if you a very stupid i get any Interpol order.

In UK the law is really very nice for the hackers in time not get access.-
only when the hacker is inside is possible you put legal complains.

tHis make in UK no only hackers also hosting and datacenters company's try to disturb your security

LIke make 1and1 or how make this company with many complains in internet and is possible you read in google.-
address: BIS Internet
address: St. Mary Axe
address: London
address: United Kingdom
address: EC3A 8HB
phone: +44 (0) 20 7861 9320
fax-no: +44 (0) 8701 345 183

this people not leasing and is the next go to court many calls and mails for nothing.
if you look have only few IPS and I not believe have costumer in thsi small quantity

inetnum: 217.169.46.96 - 217.169.46.111

honesty and good relations is fault in many Europe company's After this we have Chinese hacker also from Poland , ucrania and Russian country's Indian and Pakistani and few hacker from any African country.- And not fog ever one group in Madrid and barcelona few of this members now in prision .

Ok, this is scary stuff. In my first attempt with A2B about 3 months ago I had to trash my trixbox system because someone was creating accounts in A2B even though I had IPtables installed and "foot long" passwords.

I'm now using PBX in A Flash with Linux firewall and Fail2ban and was feeling safe until I stumbled onto this thread. Now I don't know if I'll be able to sleep after going into "simi-production" just 2 days ago.

The bottom line is, we need a solution to this problem and we need it fast. We cannot and should not expect Areski to have sleepless nights working on a solution for our security woes. It would take at least a year for him to come to grips with just a few of the potential exploits, taking away from the time he has to add new and exciting features we all long for.

Therefore, the security experts out there should now step forward and help with this aspect of the project. Frankly I'm disappointed at the community members who just take and take without giving back. I don't understand why SOME folks who use the app for commercial purposes are not contributing financially to the project but are the first to kick and scream about flaws as though Areski and company can survive on a "GREAT JOB MY FRIEND". If he should abandon the project for lack of funding, where would we be?

Come on people, share your solution and contribute to the cause and we will have a better application. It's not very difficult to click on that "CHIP IN" button above. We'll all benefit from it.

There's my 2 cents.

Robin A.

Excellent post Robin. This is worth way more than 2 cents. Keep it up.

hi to all

I post the Security problems but this not means . A2billing is going down.

I use in all the server a2billing standalone and only in one share the server with any webpage.-

A2billing no need really very big modifications for get more security . But Is true a2billing is missing explain recommendations of security in the servers and also any installer like use the aplicattion 4psa Voip NOw

THis install Iptables automatic apache and apache configuration in especial folders and more features like automatic installation of zaptel and asterisk and the files you need with the configurations.-

THis make you get a great installation and the software working with security in the first time.-

This not means is like flashpbx or tribox . I think in true is best in security .
pbx in flash is a game for children and hackers. Like others pbx

About money for a2billing.

We get only one bad experience but this not means > We not go to support Areski.

We are waiting only the account manager for the best solution send money to areski every month and we have legal the TAX declaration.

All we need to support Areski

if you not have 100 euros or more a month. Send only 10 but send any money.

Software Free or GNU is always support from the users.- And really here is very sad. The users only post problems and not support with any money.

A2billing is a great solution I get the BUG and I post. BUt other aplications like joomla get many bugs a year. And the users not stop use or make donations

what really happend here? People is thinking very bad .

HELP A2billing for solve this problem
ABILLING need help from all the people.

if you go to sleep today dream with this and make some positive

gineta,

I really like your style and your passion for the project. Your comments / analysis are very inspiring, though it takes two or three passes to get the full meaning. Like you, I really take security very seriously and any potential exploit should be carefully looked at.

You comment about Trixbox and PBX in a Flash really got my attention, since I'm a new user of the latter. It would be helpful if you could elaborate a little more on the statement, [pbx in flash is a game for children and hackers. ] If it's not what serious A2B installs should be using, then enlighten us. Being members of the community, we ought to share ideas thereby making the community stronger. Had Areski kept A2B to himself, we wouldn't be here today. If it weren't for the support team of people like Stavros and Asiby, many of us would have fallen by the wayside. They do it for the love of the project and we all benefit.

Again I'm with you on the support issue, but I did say SOME folks. They would fix minor issues or even major ones and not even share that. What type of member is that, a thief or a selfish bastard? Heaven knows.

To all readers: The above is just a question, so please don't take offense and start some crazy responses if I touched a nerve.

Thanks to all those who support the community and the tireless ones on the front line, fixing and improving A2B.

Robin A.[/quote]

[/quote]

Juas juas is not offence but education is first you means I think this is FF for ban the post

The support also you means is 250 dollars in one month. This is also nothing in Europe a sorry sure you are American and there is big money.
THis understand ver well.

Pbx in flash you need to look only the web page and organization more of the bluings is for other projects. This from when start internet to now only make the lamez and this not have discussion.



I not win nothing here but sure there many lamez only need to read
SUCCESS STORIES

*Post:

http://forum.asterisk2billing.org/viewtopic.php?t=1710
http://forum.asterisk2billing.org/viewtopic.php?t=2500

how you look there many people may money with a2billing but I not look nothing for help a2billing.

In our case before we use our staff for make many projects and also we nor use a2billing for any big production. But this not means we not go to help starting from 1 July and not end.

I test all the PBX in the market. (ALL you understand)

Many hundred hours and re installation for TEST nothing good.
Actually only the company's is partner with Digium or others like a2billing project or 4psa. Have 100% one 10 in the best PBX. Tribox I give one 7 only The rest sorry need to study more

Next time only please make little more post for we look how are you and please not use BAD expressions.

Your family sure is very happy if you are educated guy. Also Us

Gineta

As can be seen by all, I'm at a distinct disadvantage in this dialogue. I'm not sure if you're cursing me or praising me. The former seems more applicable based on the bits and pieces I was able to gather from your response. I hope you didn't mean Judas (the guy that betrayed Christ) in your opening sentence.

I should have known better. Learn the rules before playing the game. I didn't and I sincerely apologize firstly to the moderators of this forum, to Gineta and the rest of the readers for using a forbidden word, even though the context in which is was used should not have been offensive, but if one person is offended by it, I ask their forgiveness and thank God that Gineta is not the moderator. You wouldn't have had a chance to read this apology.

Nevertheless I appreciate your response and admire your ethics, and I will endeavor to be a model community member in the future.

With that said, could the experts out there recommend the best disrto and network architecture for A2B, with security as a critical element in your design.

Thanks,

Robin A.

I would recommend Gentoo . I believe that there is a thread that discuss that matter. But I couldn't find it.

Yes, I really like Gentoo for server usage too, but be warned: it's not well suited to those who don't already have appreciable Linux skills (or at least a strong desire to learn).

for me I think the best linux is Debian is also more complicated of others like Centos.

And always have important updates.
and also is the distribution more Architectures support .-