Can I run a report and get IP addresses of the user who connected in? Is it safe to have the trixbox on the same server D. Can I find out how the user got connected?
I read an old post on changing the amportal but it concluded that it is not necessary.
I also made sure I know how to change the root which I will do. I initially was setting up a VPN between 2 MikroTik routers and for some reason could not get it to work. I now have two Edgewater routers that I am going to set up the VPN on and get rid of some of the port forwarding.
I read the post that Igaetz pointed to. This looks exactly like what happened. Is there any way that Endpoint Manager might have a way to be exploited? This is the only system I have Endpoint on. The EPM just creates files, that is it.
Unfortunately, unless you can provide some sort of details from within the box, such as logs and other activity tracking, there is no way for us to really know how they got in and what they exploited on the system. Have you checked them? How are you set up now? MikroTik is a good choice for this.
My first recommendation would be not to use Trixbox because it still has many well-known FreePBX vulnerabilities that everyone else has fixed. That way you just turn on Apache when you need to make a config change, which is all the GUI is used for. It just generates Asterisk config files.
Of course you could also explore VPN-type solutions to block HTTP access. Usually only root will have a password unless you created additional accounts. You can tell which users have passwords because they are the only ones with a long hash. If you find none of these things then they probably never got root access and the server is probably still in good shape.
Then you gotta clean out the c99shell script they probably injected, which is what gives them access in the first place. I have a lot of first-hand experience with this, unfortunately, back when FreePBX still had these vulnerabilities and in the case of Trixbox…still does.
More recently with Elastix because of a relatively new vulnerability found with vtiger which Elastix installs by default.