Support A2Billing :

provided by Star2Billing S.L.

Post subject: CRITICAL | SECURITY ATTACKS WITH ACUNETIX
PostPosted: Wed Aug 07, 2013 5:41 pm

Joined: Sun Nov 07, 2010 10:00 pm
Posts: 253
Hello all,
Since 3 days ago we have had a significant security attack, where hackers gained access to make calls with our direct end customers' accounts. I mean, they discovered the end users' SIP credentials and connected to our network to place calls using the end users' correct credentials.

After turning it over and investigating how it could be, and how they did it... I got a little idea about the Acunetix injection method, where the hacker manages to read the DB and retrieve the end users' credentials.

Indeed, it's more than critical, as we could do nothing to avoid it... as the hacker is sending calls with correct end user credentials, there's no failing log, nor any other way to block it...

Upon that, I had to update the PHP version from 5.3.3, which I was running, to 5.4.17, and the MySQL version also... and review several mod_security Apache rules... etc.

The problem now, after securing the switch again, is that we're getting errors with the a2billing PHP version, as apparently version 5.4.17 is not fully compatible with a2billing, and in the log I have several error lines, for example:

Code:
php: /var/lib/asterisk/agi-bin/lib/Class.A2Billing.php[271]: Undefined variable: line_file_info


Also, some pages in the admin front-end don't load anything, for example the maintenance -> alarm page shows there's no alarm to run... and when I try to run some cron jobs, such as the alarm cron, I get:
Quote:
# php a2billing_alarm.php
[No Alarm to run]


The PHP version incompatibility isn't really the issue, as it's not affecting real production, for now... but I'm just here to share the experience and report these issues, for your interest.

Regards,


Post subject: Re: CRITICAL | SECURITY ATTACKS WITH ACUNETIX
PostPosted: Tue Sep 10, 2013 3:02 pm

Joined: Mon Mar 05, 2012 1:09 pm
Posts: 8
Hi

Make sure you do not allow port 3306 and make sure you run your system behind incapsula.com. This should stop all the SQL injections.


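One way to check the first recommendation above on a Linux host, as an added example that is not part of this thread or of A2Billing: the function below reads the listening-socket table in the format of `ss -ltn` (a constructed sample is embedded so it runs offline) and reports any MySQL listener on port 3306 bound to something other than loopback.

```shell
#!/bin/sh
# Added example, not from the thread: audit the listening-socket table for a
# MySQL server (port 3306) reachable from outside the host.
# The input format is that of `ss -ltn`; this sample is constructed.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      128    127.0.0.1:3307      0.0.0.0:*
LISTEN 0      128    [::1]:3306          [::]:*'

# Reads ss output on stdin. Prints every bind address on port 3306 that is not
# loopback (127.x or [::1]). Returns 0 when MySQL is only reachable locally,
# 1 when at least one exposed listener was found.
mysql_exposed_listeners() {
    awk 'NR > 1 {
            n = split($4, parts, ":"); port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == "3306" && addr !~ /^(127\.|\[::1\]$)/) {
                print addr; found = 1
            }
         }
         END { exit found ? 1 : 0 }'
}

# Demo on the constructed sample; on a real host use: ss -ltn | mysql_exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | mysql_exposed_listeners \
    || echo "MySQL is exposed on the address(es) above; restrict it to localhost or the firewall"
```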