vicidial.org

Posted: **Mon Aug 29, 2011 1:07 pm**

screen -ls
should show 6 screens but if it doesnt then ?

Mine One shows :

screen -ls
There are screens on:
2702.asterisk (Detached)
2776.ASTVDadapt (Detached)
2779.ASTfastlog (Detached)
3 Sockets in /var/run/screen/S-root.

and I get TIME sync Error.

Posted: **Mon Aug 29, 2011 6:55 pm**

didja change the ip address of the machine?

is asterisk running?

is mysql running?

try starting one of the missing processes manually to see the error it tosses. one of them will clue you in.

Posted: **Mon Aug 29, 2011 7:20 pm**

Mysql and Asterisk is running

It happened twice today that all my DB data got deleted while agents were logged in

Server even DIDNT reboot !!

I will Change the HDD today and reinstall but I found this strange, automatically some data getting deleted from the DB !!

Posted: **Mon Aug 29, 2011 7:38 pm**

Um ... do you have iptables locked down so NOONE can get to your box except from authorized ip addresses AND did you change your cron password?

Posted: **Mon Aug 29, 2011 7:52 pm**

1) No, I HAVE NOT changed my CRON PASSWORD.How to change it and any Log file to find the access log ?

2) I have NOT modified my IPTable.

3) My webrootwritable is 0 in dbconnect file but I still see project_auth_entries.txt has an Entry for every admin login. :-(

Posted: **Mon Aug 29, 2011 8:21 pm**

cron can access data directly. without a login. depending on your setup.

there WAS a cron password changer script, but i believe it may have disappeared. if you can't find it let me know and i'll post a link to it. i believe it still works, but it may need an update or two.

Posted: **Mon Aug 29, 2011 8:28 pm**

cron can access data directly. without a login. depending on your setup. ??

Wow !!!

How to change the password ?

Also, My webrootwritable is 0 in dbconnect file but I still see project_auth_entries.txt has an Entry for every admin login !!!

How to stop that ??

Posted: **Mon Aug 29, 2011 8:43 pm**

dunno never tried. but you could actually change the webroot to not be writable (instead of just telling vicidial that it's not writable, which doesn't seem to have much of an effect, but may stop vicidial from crashing were you actually to MAKE the web root read-only).

why do you want to stop writing in the web root? (if someone can "write" on your drive ... ANYWHERE, you already have a problem, the web root would only be a symptom ...).

so ... what's the reasoning behind telling vicidial that the web root isn't writable ...? (curiousity, of course, cuz we've never used this feature 8-)

)

Posted: **Mon Aug 29, 2011 10:01 pm**

Few Lines from project_auth_entries.txt

Code: Select all: VICIDIAL|GOOD|Sat, 27 Aug 2011 17:45:12 +0530|6666|1234|192.168.100.132|Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0|6666| VICIDIAL|GOOD|Sat, 27 Aug 2011 18:02:20 +0530|6666|1234|192.168.100.132|Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0|6666| VICIDIAL|GOOD|Sun, 28 Aug 2011 00:46:02 +0530|6666|1234|192.168.100.132|Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0|6666| VICIDIAL|GOOD|Sun, 28 Aug 2011 03:05:25 +0530|6666|1234|192.168.100.33|Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0|6666| VICIDIAL|GOOD|Mon, 29 Aug 2011 19:52:45 +0530|admin|admin|192.168.100.130|Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0|Admin|

Above CLEARLY shows the admin PASSWORD !!!

Posted: **Mon Aug 29, 2011 10:07 pm**

Cron password :

I see this Link :

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

Running changepass.pl will do the needful ?

Where should I extract changepass.pl file ?

Posted: **Mon Aug 29, 2011 11:01 pm**

location does not matter. it's a perl script, you execute it with "perl scriptname.pl"

be sure you back up FIRST. LOL

Posted: **Mon Aug 29, 2011 11:05 pm**

How can One access the DB using cron if I have changed root and mysql password ?

Posted: **Mon Aug 29, 2011 11:16 pm**

gmcust3 wrote::)

How can One access the DB using cron if I have changed root and mysql password ?

you stated that incorrectly LOL (just pickin' on you)

you did not change "mysql password". You changed the root mysql password. the cron mysql password has different access (for instance, it cannot create new users ... but it does have read/write access to ... the asterisk database which is where vicidial stores its data).

if you have a user named cron and a password of 1234 on your system (by default) and you have allowed access for this user from a location other than "localhost" (which is necessary for multi-server and seems to be the default, although i have not checked in GoAutoDial personally), and you have NOT restricted the IP address from which cron may interact with mysql (which would mean new users would have to figure out how to do modify that ip address, ouch, so that's not default) ... then anyone on any ip address who can get past the mysql port and into your box ... can use those credentials to modify/delete/add data at will.

so close the mysql port, ip lock your entire system, change the cron password, lock cron to a specific address list OR localhost ... or all of these.

Posted: **Mon Aug 29, 2011 11:20 pm**

Best is to Remove it from WAN :-)

as of Now..

Posted: **Tue Aug 30, 2011 9:06 am**

if that's an option, certainly. many facilities (windows & linux) believe that the database server should have NO outside contact whatsoever.