Major security breach/bug!?

Added by Shivam Agrawal about 4 years ago

Hi!

I installed version 4 a few weeks ago on an EC2 instance. I connected it to a trunk and did some testing. Since then the instance has been suspended.

I was checking my trunk credits and I realized that the trunk has been subjected to a lot of fraud attempts during the night, approx. 500 calls.

The fraud attempts do not come from the GOautodial server itself; all calls are directly connected to the trunk with the correct credentials.

The only possible way I can see is that someone has gathered the trunk information from my GOautodial install in some way.

The reply I got from the trunk provider pointed towards the same thing. I have attached the screenshot of the reply I received from my trunk provider.

Please look into the issue and update on the same.

Regards,
Shivam A

Attachment: Screenshot 2020-04-08 at 17.29.52.png (222 KB) - Screenshot of the reply I received from my trunk provider

Replies (2)

RE: Major security breach/bug!? - Added by Enzo Zazzaro about 4 years ago

The problem is your firewall. Don't open 5060/5061 to the web. Never! Install a firewall or a firewall script.
script.sh

    #!/bin/sh
    #
    # Allowed IP file location
    #
    WHITELIST=/usr/src/firewall/whitelist.txt
    #
    # Specify where iptables is located
    #
    IPTABLES=/sbin/iptables
    IPTABLES_SAVE=/sbin/iptables-save

    #
    # Save current iptables running configuration in case we want to revert back
    # To restore using our example we would run "/sbin/iptables-restore < /usr/src/iptables.last"
    #
    $IPTABLES_SAVE > /usr/src/iptables.last
    #
    # Clear current rules
    #
    # If current INPUT policy is set to DROP we will be locked out once we flush the rules,
    # so we must first ensure it is set to ACCEPT.
    #
    $IPTABLES -P INPUT ACCEPT
    echo 'Setting default INPUT policy to ACCEPT'

    $IPTABLES -F
    echo 'Clearing Tables F'
    $IPTABLES -X
    echo 'Clearing Tables X'
    $IPTABLES -Z
    echo 'Clearing Tables Z'

    # Always allow localhost.
    echo 'Allowing Localhost'
    $IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
    #
    # Whitelist: first field of every non-comment line
    #
    for x in $(grep -v '^#' "$WHITELIST" | awk '{print $1}'); do
        echo "Permitting $x..."
        $IPTABLES -A INPUT -s "$x" -j ACCEPT
    done
    #
    # Block all other traffic
    #
    $IPTABLES -A INPUT -p all -j DROP
    #
    # Save the rules so they are persistent on reboot.
    #
    service iptables save

And in /usr/src/firewall/whitelist.txt, put any IP to accept.
And insert this script in rc.local.
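
Added example (not part of the reply above and not GOautodial code): a dry run of the same whitelist policy that checks each entry is an IPv4 address or CIDR block and refuses to produce the final DROP rule when no entry is usable, the case that locks an administrator out of a remote instance. The function names, the sample addresses (RFC 5737 documentation ranges) and the IPv4-only check are assumptions of this example.

```shell
# Added example: validate a whitelist and print (not apply) the iptables rules.
# valid_entry ADDR: succeed only for a dotted IPv4 address or IPv4/prefix.
valid_entry() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_rules FILE: rules on stdout, rejected entries on stderr; fails with no output if nothing is usable.
render_rules() {
    [ -r "$1" ] || { echo "cannot read whitelist: $1" >&2; return 1; }
    accepted=0
    rules='iptables -A INPUT -s 127.0.0.1 -j ACCEPT'
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if valid_entry "$entry"; then
            rules="$rules
iptables -A INPUT -s $entry -j ACCEPT"
            accepted=$((accepted + 1))
        else
            echo "rejected whitelist entry: $entry" >&2
        fi
    done < "$1"
    [ "$accepted" -gt 0 ] || { echo "no valid entries, refusing to emit DROP" >&2; return 1; }
    printf '%s\n' "$rules" 'iptables -A INPUT -j DROP'
}

# Constructed sample whitelist; only the first field of each line is used.
sample_whitelist() {
    cat <<'EOF'
# office
203.0.113.10   admin workstation
198.51.100.0/24
300.1.1.1
EOF
}

tmp=$(mktemp) && sample_whitelist > "$tmp" && render_rules "$tmp"; rm -f "$tmp"
```

Review the printed rules, and confirm your own management address is among the accepted sources, before running them on a remote host.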