asterisk2billing.org
http://forum.asterisk2billing.org/

CRITICAL | SECURITY ATTACKS WITH ACUNITEX
http://forum.asterisk2billing.org/viewtopic.php?f=34&t=10443

Author:  ubunter [ Wed Aug 07, 2013 5:41 pm ]
Post subject:  CRITICAL | SECURITY ATTACKS WITH ACUNITEX

Hello all,
Since 3 days ago we have had a significant security attack, where hackers gained access to make calls with our direct end customers' accounts. I mean, they discovered end users' SIP credentials, and connected to our network to place the calls using the end users' correct credentials.

After turning, and investigating how it could be, and how they did it... I got a little idea about the Acunitex injection method, where the hacker manages to read the DB and retrieve the end users' credentials.

Indeed, it's more than critical, as we could do nothing to avoid it... as the hacker is sending calls with correct end user credentials, there isn't any failure log, nor any other way to block it...

Upon that, I had to update the PHP version from 5.3.3, which I was running, to 5.4.17, and the MySQL version also... and review several mod_security Apache rules... etc.

The problem now, after securing the switch again, is that we're getting errors with a2billing and the PHP version, as apparently version 5.4.17 is not fully compatible with a2billing, and in the log I'm getting several error lines, for example:

Code:
php: /var/lib/asterisk/agi-bin/lib/Class.A2Billing.php[271]: Undefined variable: line_file_info


Also, some pages in the admin front-end don't load anything. For example, the maintenance alarm page is showing there's no alarm to run... and when I try to run some cron jobs, such as the alarm cron, I get:
Quote:
# php a2billing_alarm.php
[No Alarm to run]


The PHP version incompatibility isn't really the issue, as it's not affecting real production, for now... but I'm just here to share the experience, and report these issues, for your interest.

Regards,

Author:  charbles [ Tue Sep 10, 2013 3:02 pm ]
Post subject:  Re: CRITICAL | SECURITY ATTACKS WITH ACUNITEX

Hi

Make sure you do not allow port 3306 and make sure you run your system behind incapsula.com. This should stop all the SQL injections.
