The extensions_custom.sh file was modified, and a notification of this arrived via Gmail.
However, a few rows had been added at the end of extensions_custom.sh to allow the hacker to access Asterisk anonymously.
The file continues to be modified as long as httpd is up and running. The only way to block this is to stop the httpd service.
Further checking using tcpdump:
tcpdump -i eth0 port https
It showed that an IP from Germany was trying to access https.
A further check on this IP in /var/log/httpd/
shows that it was trying to access Asterisk via the /a2billing/Public folder and
/a2billing//admin/Public/A2B_php_stats.php. In this file, you can see it was trying to access the MD5 passwords for all ACL users. Maybe from here it can access all user passwords.
I used
/sbin/iptables -I INPUT -s 46.165.210.0/24 -j DROP
to block this specific IP from accessing our https.
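The log check described above, as an added example that is not part of the original post: shell functions that list which client IPs requested paths under /a2billing and which of them received a 200 response for A2B_php_stats.php. It assumes the Apache common/combined access-log layout; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: Apache common/combined log format, where field 1 is the
# client IP, field 7 the request path and field 9 the HTTP status.

# Constructed sample log lines (documentation-range IPs, not incident data).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [17/Feb/2015:10:01:02 +0800] "GET /a2billing/Public/ HTTP/1.1" 200 512
203.0.113.7 - - [17/Feb/2015:10:01:05 +0800] "GET /a2billing//admin/Public/A2B_php_stats.php HTTP/1.1" 200 2048
198.51.100.4 - - [17/Feb/2015:10:02:00 +0800] "GET /index.php HTTP/1.1" 200 900
203.0.113.7 - - [17/Feb/2015:10:03:09 +0800] "POST /a2billing/admin/Public/index.php HTTP/1.1" 302 0
192.0.2.15 - - [17/Feb/2015:10:04:00 +0800] "GET /A2Billing/Public/ HTTP/1.1" 404 210
EOF
}

# Print "count ip" for every client that requested a path under /a2billing,
# most active first. Repeated slashes are collapsed and case is ignored, so
# "/a2billing//admin" and "/A2Billing/" are counted as well.
# Reads the files given as arguments, or standard input if there are none.
a2billing_clients() {
    awk '{
        path = tolower($7)
        gsub(/\/+/, "/", path)
        if (index(path, "/a2billing/") == 1) hits[$1]++
    }
    END { for (ip in hits) print hits[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Print each client IP that requested A2B_php_stats.php and was answered
# with HTTP 200, i.e. the page was actually served to that client.
stats_page_hits() {
    awk 'tolower($7) ~ /a2b_php_stats\.php/ && $9 == 200 { print $1 }' "$@" | sort -u
}

# Demonstration on the constructed sample.
echo "Requests under /a2billing per client:"
sample_log | a2billing_clients
echo "Clients served A2B_php_stats.php:"
sample_log | stats_page_hits
```

To scan a real log, pass the file under /var/log/httpd/ as the argument to either function instead of piping in the sample.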
Wednesday, February 18, 2015
Back up WAV recording files to S3
Firstly, you need to create a bucket in S3 using the following commands:
http://s3tools.org/usage
Check the bucket status via the Amazon GUI:
https://console.aws.amazon.com/s3/home?region=ap-southeast-1
e.g. copy a file into S3 using s3cmd put s3://
By right, S3 charges are cheaper than an SSD or standard volume.