Vicibox Hacked
Posted: Wed Nov 26, 2014 3:39 am
Hello,
Well, to state it clearly, I am guessing my installation is being attacked multiple times. The same thing happened 2 times. The server is hosted in the cloud.
What happens is, suddenly things stop working, and when I connect via SSH and try to start the MySQL service it shows a "socket not found" type error. I tried checking the services, and found that the MySQL, Apache and FTP services are not there. But SSH works fine. So I guess the root password was not guessed at all, else the whole installation could be tampered with, but that didn't happen. So I guess these services are deleted.
As a security measure, I use Fail2Ban. I have configured it to use MySQL, Apache, Asterisk and SSH. I always keep things updated via zypper.
The only thing that now comes to my mind is to only allow a specific range of IPs. But I'm not sure how that would work, because teams from multiple locations connect to the server for calling, and as we are all over the internet, IPs are dynamic. The only thing that I get is allowing a vast range like xxx.xxx.0.0. I guess IPs from the same ISP are always within the xxx.xxx range.
Any other ideas or tips? Anything else I'm missing? What else can I do?