vicidial.org

[krishnandu.sarkar]

Hello,
Well, to state it clearly I'm are guessing, my installation is being attacked multiple times. The same thing happened 2 times. The server is hosted in Cloud.

What happens is, suddenly things stops working and when I connect via SSH and try to start MySQL service it shows socket not found type error. I tried checking the services, and found that MySQL, Apache, FTP services are not there. But SSH works fine. So I guess root password is not guessed at all, else whole installation can be tampered, but that didn't happen. So I guess these services are deleted.

As a security measure, I use Fail2Ban. I have configured it to use MySQL, Apache, Asterisk and SSH. I always keep the things updated via zypper.

Only thing that now comes to my mind is only allow specific range of IP's. But I'm not sure how that would work. Because teams from multiple locations connect to the server for calling and as we all are over internet, IP's are dynamic. Only thing that I get is allowing a vast range like xxx.xxx.0.0. I guess IP's from same ISP always in between xxx.xxx range.

Any other idea or tips? Anything else I'm missing? What else I can do?

[mflorell]

If your server was hacked, the only way to be sure it is safe is to wipe it and reinstall. Using the OpenSuSE firewall(configurable through yast) and properly configured fail2ban should be enough to secure your vicibox system on the Internet. Also, the first thing you should do is update your system to make sure you have the latest packages.

[krishnandu.sarkar]

But I did that already. Well, everytime I do the fresh installation, it's getting hacked (maybe) after few weeks. So how many times would I do this fresh installation?

Also, this I what I ensured..
1. I always keep the system updated
2. use fail2ban configured properly
3. use iptables
4. keep root password very very strong and not guessable (combination of Caps and Small alphabets, numeric and special characters with length of 16)
5. keep password for root user of MySQL according to above logic
6. used mysql_secure_installation to delete any test db and everything
7. No un-anonymous ftp users permitted and all the ftp users are jailed.

Bu this is 2nd time it got hacked. What else I should do?

[krishnandu.sarkar]

Ok. I found the problem. The problem was not hacking. Disk space was getting full since I have set it up on a Cloud SSD Server with 20GB SSD and as we are not moving the recordings.

Anyway I tried creating another Archieve server but seems to not working. Any idea?

Summary of what I did.

Server 1. On vicibox-install choose archieve server as No.
Server 2. On vicibox-install provided the Database Server IP as of Server 1 and choose archieve server as Yes.

Still recordings are not moving.

Then I manually edited the astgui.conf and found the replaced the default FTP configs with mine. Still it's not working. Anything else I'm missing?

Already gone through the document many times, may be I'm missing something. Can anyone please help?