Support A2Billing: provided by Star2Billing S.L.
 Post subject: Re: Getting Serious Hack problems
PostPosted: Wed Oct 19, 2016 10:24 pm 
Joined: Sun Nov 07, 2010 10:00 pm
Posts: 253
vulcan wrote:
If you have added any MySQL queries in the customer portal change them to use PDO.


We haven't really added new queries; we use the existing ones, extend them, and customise views and functions in the web.

Quote:
If you are still having the problem, you can temporarily turn on BINARY Logging in MySQL to log queries. This can impact a busy server negatively noting the files are huge and need to be pruned regularly. These are not text files but tools are available to access them. You can "binlog ignore" tables you don't need.

I already do have this, as we do replication to our servers. I have four switching servers and do live replication, so binlogs are switched on for replication, but I never thought to look there...

Quote:
If access was by injection, it is hard to find the bug. The hacker after discovering the vulnerability may keep it a secret for himself or otherwise sells it. Curious how he has so much traffic to send.


As far as I have investigated, this hacker is a very well-known group in Gaza; he hacks around $6M a month. He has hacked Qatar Airways, large local telecoms, and others, working in financing terrorism and large activities!!!
Much of that traffic we have now put in dispute with the local carriers, but this can be done only in European countries; he has sent much other traffic to African destinations. My eventual solution is to create a fake rate card, put all high-value traffic in it, and send it to a fake trunk, so the traffic can't go out anymore... But still, this is not a solution...

Quote:
The admin should not be exposed anyway; that can be easily blocked in Apache. He does not need to log in as a customer to inject queries. All that is needed is a normal query to the database anywhere in the application, using certain URLs.


I'm really thinking of moving the admin to another VPS, far away from the customer one, and restricting access to it via TLS or whatever, but this is still just being paranoid and not really a solution to the security issue.


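The PDO change vulcan recommends in the quote above, as an added example that is not code from the original post or from A2Billing: the legacy string-built query beside its prepared-statement replacement, run against a tautology payload so the difference is visible. The cc_card table layout, the connect_mysql() DSN handling and the in-memory SQLite database used to run it offline are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not A2Billing code. Shows the change vulcan recommends:
// replace string-built queries with PDO prepared statements. Table name,
// columns and the in-memory SQLite database are assumptions for the demo.

// BEFORE: legacy string concatenation. The value is spliced into the SQL
// text, so a quote in $username changes the query's structure.
// Kept deliberately unsafe to show the problem.
function card_query_legacy(string $username): string
{
    return "SELECT id, credit FROM cc_card WHERE username = '" . $username . "'";
}

// AFTER: a prepared statement. The SQL text is fixed at prepare() time and
// the value travels separately as a bound parameter, so it can never become
// part of the query's syntax.
function find_card(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, credit FROM cc_card WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection options to use against a real MySQL server (DSN assumed):
// ERRMODE_EXCEPTION so a failed query cannot be silently ignored, and
// EMULATE_PREPARES=false so the server, not the client library, binds
// the parameters.
function connect_mysql(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Self-contained demo on SQLite with constructed rows, so it runs offline.
function demo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cc_card (id INTEGER PRIMARY KEY, username TEXT, credit REAL)');
    $pdo->exec("INSERT INTO cc_card (username, credit) VALUES ('alice', 12.50), ('bob', 3.00)");

    // Tautology payload: closes the string literal, adds OR 1=1, and comments
    // out the trailing quote. As a username it should match nobody.
    $payload = "' OR 1=1 -- ";

    // Legacy path: the payload rewrites the WHERE clause and every card comes back.
    $legacyRows = $pdo->query(card_query_legacy($payload))->fetchAll(PDO::FETCH_ASSOC);

    // PDO path: the payload is compared literally against the username column.
    $pdoRow = find_card($pdo, $payload);   // null
    $honest = find_card($pdo, 'alice');    // alice's row

    return [
        'legacy_rows' => count($legacyRows), // 2: the whole table leaked
        'pdo_row'     => $pdoRow,            // null
        'honest'      => $honest,
    ];
}

print_r(demo());
```

Run it with a PHP build that has pdo_sqlite; against the live system use connect_mysql() with the real DSN and keep the same pattern for UPDATE and INSERT statements, which is where an injected query does the most damage on a billing platform.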
 Post subject: Re: Getting Serious Hack problems
PostPosted: Fri Jan 20, 2017 12:15 am 
Joined: Thu Jun 05, 2008 5:35 pm
Posts: 37
Hi there!

We started having the same problem with A2Billing v2.0.1 around the same time, in late August.

We have since upgraded to v 2.2.0, and this has ostensibly fixed the issue, although the attacker still had all our old accounts. We've been changing those accounts as we see them since the upgrade, and the problem has been getting better.

This suggests that there was a serious security flaw in v2.0.1 that has been fixed in later releases. Hope that helps!


 Post subject: Re: Getting Serious Hack problems
PostPosted: Sat Jan 21, 2017 7:56 am 
Joined: Sun Nov 07, 2010 10:00 pm
Posts: 253
gromm wrote:
Hi there!

We started having the same problem with A2Billing v2.0.1 around the same time, in late August.

We have since upgraded to v 2.2.0, and this has ostensibly fixed the issue, although the attacker still had all our old accounts. We've been changing those accounts as we see them since the upgrade, and the problem has been getting better.

This suggests that there was a serious security flaw in v2.0.1 that has been fixed in later releases. Hope that helps!


Hello,
I don't really think that you have solved any issue with this update... Even the most recent version is 2.1.1, not 2.2; I couldn't find any version 2.2.0 in the repo, and the most recent release does not have any relation to any security implementation...

What I think is simple: the hackers just let you grow again, and they will come back to you some months later, believe me!!!!

My current solution to the situation is:

1) Block access to the admin folder absolutely with a specific, very hard and restrictive .htaccess, even restricting access by IP, and drop all others.
2) For sure, we are talking about having the web servers on a different host than the master Asterisk host, so no web server is running together with the Asterisk hosts!!!!
3) I have detected, after investigating the documentation, that the nat field in cc_sip_buddies is critically dangerous to expose in realtime. It has to be set in the general section of the sip file, and not exposed in the DB. So I have removed that field from the DB and edited all the hard-coded references to the nat field in the files; it's useless to set it in realtime anyway, as it is used from the files.
4) We have hard-coded 128-bit SIP passwords, and set an option for them to be updated periodically by the user in the customer portal.

I don't know if this is enough for now... because each attack is different, and every couple of years we have some sort of attack or scam, and we take some steps and make modifications, so this is a large experience, and each change is fine to be shared and taken into consideration, but keep in mind that the current hacker is a very professional and well-known hacker, so he will keep working, so you never should go to sleep!!!!!

Regards,


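Step 1 of the list above, as an added example that is not the poster's own file: an Apache 2.4 .htaccess for the admin directory that admits only listed source addresses and returns 403 to everyone else. The two ranges are RFC 5737 documentation addresses standing in for a real management network, and the file assumes AllowOverride permits these directives there. On Apache 2.2 the equivalent is the Order/Deny/Allow syntax, and if the admin sits behind a reverse proxy or WAF, Require ip sees the proxy's address unless mod_remoteip is configured to restore the client address.

```apache
# Added example, not from A2Billing. Lock the admin directory to the
# management network only; any other client gets 403 Forbidden.
# Replace the addresses with the ones your staff actually connect from.
<RequireAny>
    Require ip 203.0.113.0/24
    Require ip 198.51.100.7
</RequireAny>

# Never serve dotfiles (e.g. a stray .htpasswd or .git) from this directory.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
```

Verify the rule from an address outside the list before relying on it: a 403 on /admin/ from a customer-facing network is the expected result, and anything else means the override is not being applied.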
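Step 4 (hard-coded 128-bit SIP passwords, rotated periodically from the customer portal) as an added example in PHP, not code from the post or from A2Billing. The reduced cc_sip_buddies layout (name, secret, secret_changed), the 90-day rotation period and the in-memory SQLite database are assumptions for the demo; the real table has more columns, and the portal would take the peer name from the logged-in card rather than a literal.

```php
<?php
declare(strict_types=1);

// Added example, not A2Billing code. A 128-bit SIP secret drawn from the
// CSPRNG, stored with a prepared statement, plus the age check a customer
// portal can use to force periodic rotation. The table layout and the
// SQLite database below are assumptions for the demo.

// 16 random bytes = 128 bits, hex-encoded: 32 characters from [0-9a-f].
// Hex avoids characters that sip.conf or realtime might treat specially.
function new_sip_secret(): string
{
    return bin2hex(random_bytes(16));
}

// True when the secret was never set or is older than $maxAgeDays.
// $changedAt is a UTC 'Y-m-d H:i:s' string as written by rotate_sip_secret().
function secret_needs_rotation(?string $changedAt, int $maxAgeDays, ?int $now = null): bool
{
    if ($changedAt === null) {
        return true;
    }
    $now ??= time();
    return (strtotime($changedAt . ' UTC') + $maxAgeDays * 86400) <= $now;
}

// Replace one peer's secret. Values are bound, never concatenated into SQL.
function rotate_sip_secret(PDO $pdo, string $peerName): string
{
    $secret = new_sip_secret();
    $stmt = $pdo->prepare(
        'UPDATE cc_sip_buddies SET secret = :secret, secret_changed = :changed WHERE name = :name'
    );
    $stmt->execute([
        ':secret'  => $secret,
        ':changed' => gmdate('Y-m-d H:i:s'),
        ':name'    => $peerName,
    ]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException("no SIP peer named {$peerName}");
    }
    return $secret;
}

// Self-contained demo with one constructed row: a weak, never-rotated
// secret of the kind an attacker keeps reusing after a breach.
function demo(): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cc_sip_buddies (name TEXT PRIMARY KEY, secret TEXT, secret_changed TEXT)');
    $pdo->exec("INSERT INTO cc_sip_buddies VALUES ('2001', '1234', NULL)");

    $sql    = "SELECT secret, secret_changed FROM cc_sip_buddies WHERE name = '2001'";
    $before = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);

    // Never rotated, so the portal must force a new secret on this login.
    $stale  = secret_needs_rotation($before['secret_changed'], 90);
    $secret = $stale ? rotate_sip_secret($pdo, '2001') : $before['secret'];

    $after = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);

    return [
        'rotated' => $stale,                                             // true
        'length'  => strlen($after['secret']),                           // 32
        'is_hex'  => (bool) preg_match('/^[0-9a-f]{32}$/', $after['secret']),
        'fresh'   => !secret_needs_rotation($after['secret_changed'], 90), // true
        'changed' => $after['secret'] !== $before['secret'],             // true
    ];
}

print_r(demo());
```

After a rotation the peer must re-register with the new secret, and on a realtime setup Asterisk picks the change up on the next registration; with static sip.conf entries the file has to be regenerated and reloaded as well.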
 Post subject: Re: Getting Serious Hack problems
PostPosted: Tue Feb 07, 2017 12:25 am 
Joined: Mon Jan 08, 2007 6:56 pm
Posts: 345
Version 2.2.0 is here:
https://github.com/Star2Billing/a2billing

Click the green button and download the zip file. This version uses composer, so pay close attention to the installation instructions in the package.


 Post subject: Re: Getting Serious Hack problems
PostPosted: Sun Oct 22, 2017 3:21 pm 
Joined: Mon Mar 05, 2012 1:09 pm
Posts: 8
Always implement A2Billing via Star2Billing. Implementation cost is super cheap.

Another solution:

A quick and permanent solution to any web interface hacks like SQL injection on your webserver: use https://www.incapsula.com/

The cost of https://www.incapsula.com/ is very little compared to hackers making fraud calls. Only allow the Incapsula servers to reach your webservers and you are good. You can sleep at night.

