Help Security Concern Goautodial
Posted: Wed Nov 19, 2014 9:14 pm
Help needed.
server specification:
GOautodial CE 3.3 Build: 140608-8000
Vicidial 2.9 RC1 (2.9.441a)
Asterisk 1.8.23
DAHDI Tools Version - 2.6.1
Distro name: Single Cloud Server CentOS release 5.11 (Final)
Kernel Version 2.6.18-398.el5 (SMP)
Processors 4
Model Intel(R) Xeon(R) CPU E5-2630L v2 2.40GHz
CPU Speed 2.4 GHz
RAM:8GB
cache size:4096 KB
I have installed goautodial on a cloud server, and it's in production mode. Everything is working fine, but I always get worried about security concerns even after a good iptables rule. I was just trying to get through some sections of goautodial and found that we can still access the VICIDIAL default GUI. But suddenly I tried to access agc, and each and every file within the folder was publicly available. There are some folders which can be accessed through the URL:
/var/www/html/agc : /ipaddress/agc
/var/www/html/vicidial : /ipaddress/vicidial
Is it safe to leave these folders as they are, or should I implement some sort of restriction to disable public access to these folders?
First I thought to put an index file within all the folders wherever it's not present, or restrict the directory permission to root only.
GoAutoDial uses port 443 for the web interface, so can I also close down port 80 to prevent any direct access to GoAutoDial or any of its directories? At least in this way I will be able to reduce some crackers' load on my server.
Should I go with the above steps or not?
Thanks