asterisk2billing.org
http://forum.asterisk2billing.org/

a2billing hacked
http://forum.asterisk2billing.org/viewtopic.php?f=34&t=9562
Page 2 of 2

Author:  rboy22007 [ Tue Dec 02, 2014 11:54 am ]
Post subject:  Re: a2billing hacked

Hi,

Limiting the IPs from certain countries might help, but the underlying security issues remain unsolved when a hacker could inject some code to credit an account without any payment trace or logs. That's the issue that needs to be solved.

Author:  chemical [ Tue Dec 02, 2014 3:08 pm ]
Post subject:  Re: a2billing hacked

Yes, I agree with you, but since A2Billing is open source, we need to wait till the coders make the changes. On the other hand, the solution I gave you will reduce the issue; in my case, not all Mexicans know about "How to hack" any kind of servers.

Author:  rboy22007 [ Tue Dec 02, 2014 3:21 pm ]
Post subject:  Re: a2billing hacked

Hi,

I have discovered a vulnerability in a2b "DID"; via this route the hackers are able to add credit and make expensive calls.
I have reported this issue, and in the meantime I would advise disabling the DID feature till a fix is updated.

Limiting the IP provides some protection, but this can be bypassed by using a proxy, or it can cause a problem for a genuine customer who wishes to call via a SIP dialler from abroad. Like you said, we need to wait for the a2b team to make some changes to fix the issues.


Update
--------
Areski has done a quick fix

https://github.com/Star2Billing/a2billing/commit/32a23041f2eb56a0c10c95cb75401c2570242de8#diff-1ae57036f1adbada7ed814e8e7da1bc3R77

I recommend everyone to update

Author:  ubunter [ Mon Apr 06, 2015 2:03 pm ]
Post subject:  Re: a2billing hacked

rboy22007 wrote:
Update
--------
Areski has done a quick fix

https://github.com/Star2Billing/a2billi ... 7da1bc3R77

I recommend everyone to update


A year ago, I had a similar case. They didn't manage to do anything, but I took some care about it, and since that time I haven't had it again... but as I can't reproduce it... I don't really know, and never sleep calmly...
I have just deployed these proposed changes here... but also, as I can't reproduce it, I don't know if that will really solve it...
Thanks for sharing and updating...
Regards,

All times are UTC