Major security breach/bug!?

Added by Shivam Agrawal 8 months ago


I installed version 4 a few weeks ago on an EC2 instance. I connected it to a trunk and did some testing. Since then the instance has been suspended.

I was checking my trunk credits and I realized that the trunk has been subjected to a lot of fraud attempts during the night, approx. 500 calls.

The fraud attempts do not come from the GOautodial server itself; all calls are directly connected to the trunk with the correct credentials.

The only possible way I can see is that someone has gathered the trunk information from my GOautodial install in some way.

The reply I got from the trunk provider pointed towards the same thing; I have attached the screenshot of the reply I received from my trunk provider.

Please look into the issue and update on the same.

Shivam A

Screenshot 2020-04-08 at 17.29.52.png (222 KB): Screenshot of the reply I received from my trunk provider

Replies (3)

RE: Major security breach/bug!? - Added by Wittie Manansala 8 months ago


Please confirm.

After your installation did you enable/activate IPTables?

Reference link:

Disable firewall (*make sure to customize and turn it back on later*)
systemctl disable iptables
systemctl disable firewalld


RE: Major security breach/bug!? - Added by Demian Lizandro Biscocho 8 months ago

Looks like your SIP account has been compromised. As you mentioned, the attempts were outside of your GOautodial server.

SIP credentials are sent over the network unencrypted. Someone listening on your network or your SIP carrier's network can easily get your SIP credentials.

Please coordinate this with your SIP provider and implement security measures for your SIP account. One common way is to do IP-based authentication. This limits the sending of calls to authorized IP addresses only.
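
As an added illustration (not part of the thread and not GOautodial or provider code): the IP-based check suggested above, applied to a call-detail export to list calls that used the trunk credentials from addresses other than the dialer's. The CSV columns, account name, numbers and addresses are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumption: the only address the trunk should receive calls from
# (the dialer's public IP). Documentation-range placeholder, not a real host.
AUTHORIZED_NETS = [ipaddress.ip_network("203.0.113.10/32")]

# Constructed sample of a provider call-detail export (not data from the thread).
SAMPLE_CDR = """\
start_time,account,src_ip,destination,duration_s
2020-04-07T14:02:11,trunk-demo,203.0.113.10,15550100,62
2020-04-08T01:13:40,trunk-demo,198.51.100.77,15550101,0
2020-04-08T01:13:52,trunk-demo,198.51.100.77,15550102,14
2020-04-08T01:14:05,trunk-demo,192.0.2.45,15550103,0
2020-04-08T01:14:09,trunk-demo,not-an-ip,15550104,0
"""


def is_authorized(src_ip, nets=AUTHORIZED_NETS):
    """Return True only if src_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(src_ip.strip())
    except ValueError:
        return False  # fail closed on malformed or missing addresses
    return any(addr in net for net in nets)


def unauthorized_calls(cdr_text, nets=AUTHORIZED_NETS):
    """Group CDR rows whose source IP is outside the allow-list, keyed by source."""
    by_source = {}
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if not is_authorized(row["src_ip"], nets):
            by_source.setdefault(row["src_ip"], []).append(row)
    return by_source


if __name__ == "__main__":
    # Each line is a source that authenticated correctly but is not the dialer.
    for src, rows in unauthorized_calls(SAMPLE_CDR).items():
        print(f"{src}: {len(rows)} call(s) with valid credentials, "
              f"first at {rows[0]['start_time']}")
```

With IP-based authentication enforced at the provider, the same rows would have been rejected at call setup instead of appearing in the export.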
