This is very important email to all our clients who is using VOS3000 software at our Servers.
Recently we got several hacking issue in our servers who are using VOS3000 soft switch & we completed our investigation on those servers and found several issues. I am going to describe some important part of it, so you can be careful and protect your server.
There are few hacker who is hacking servers, some of them are expert and some are not. Before you protect your server from hacker you should know how they hack, here are some common ways.
1. E-mail Hacking
2. Hack your computer
3. Hack root access through SSH
4. Bypassing root access through Apache (this is happening recently)
1. Email Hacking: This is very easy way to hack your server if anyone knows your email password, because when you ask us to change your root access or anything we send it via email, so all the time we change it for you hacker get new one as he have already access of your email.
Solution: Don’t use your email from multiple computer and try to use mostly from cellphone and change your email password time to time and use complicated passwords.
2. Hack your computer: Most of the voip hacker send some file via skype or yahoo messenger and use name like phone.exe, dialer.exe, ratechart-a2z.zip or something and send keylogger – and hacker got all the keystroke – whatever you will type he will get email, meaning he will get all server access, email access and everything and he will able to hack everything of yours if he wish.
Solution: Don’t accept file in messenger, ask your friend to send file via email because most of the email provider have virus scanner in email service, use updated anti-virus at your computer.
3. Hack root access through SSH: Sometime some client make very easy password for root and server get hacked.
Solution: Always use complicated password and combination of word, number and sign to protect servers.
4. Bypassing root access through Apache: Old version Apache is mandatory in VOS3000 Old Versions, which is hack-able very easily now a days by expert hackers. They access direct root even if you have firewall and they added different root access with different name like tomcat7, mysql5, vos3000service etc but those are hacker root access.
See this link for more update: http://www.securityfocus.com/bid/37942
Solution: There is no solution as upgraded Apache will not work with old VOS3000, So you have to upgrade VOS3000 to new version like VOS3000 22.214.171.124 which have upgraded Apache.
Steps we took to sort it out temporarily:
1. We always use different SSH port and now we blocked all IP Through our new firewall, so either you want to login at your VOS3000 or your SSH you will not able to login unless you add your IP through “Access Code” in our firewall system. To get our new firewall please make schedule with our support team who will help you to upgrade to new one if you are using old firewall or they will add firewall if you are not using firewall.
2. We will not send access code via email anymore, we will send this via SMS or viber or Whats app – so please update your phone number to our portal or contact our support team with your new number, so they will keep that noted, as sometime email get hack we decide to send at least one access via SMS, so it will be more secure than before.
3. When hacker bypass through Apache old version they block firewall in server and access VOS3000 easily, so we made small script which will send us notification about firewall status, so we will able to get update if the firewall is down & we can send you notification about that.
4. If you are using OLD VOS3000 then please contact our team we will check if possible to arrange updated version for you, this will be hard process as data transfer should be manual from old VOS3000 to new VOS3000 also time consuming, so please make schedule with our team if you are afraid with old version.
5. We blocked all IPV6 options at those server where the hacking is going on, we will block that for you as well when you will send your server for new firewall.
Steps are coming soon:
1. Certification based/SSH Key based Login at root access.
2. Mapping GW ip addition email notification, so you will get notification when someone add new ip at mapping gw without your concern.
we are working for those 2 steps for now and we will apply them as well when they will be finished.
Please monitor your VOS3000 Traffic and Check from where the call is coming and when you have higher traffic then please check mapping gw as well if anybody added any extra ip or not. Also remember your vendor server can be hacked as well, when you send traffic to someone always ask him to check how many ip added at his side if your vendor get hacked then all the bill will be at your name.
We always try hard to protect servers from hackers, sometime we can’t solve some issues, but we always try our best. If you have any issue then please contact with our support team, we will go through your server and slowly we will apply all new security to your servers, please make schedule as well with our team because it will be difficult to complete all server together.
We are the most active team who try instant solution after any problem occur, if you think this is only happening with our sever then that is wrong, same thing is happening with all over the world with all VOS3000 users.
Please contact me directly if you fail to contact with our support team for any reason.
My Skype ID: s9telecom
(Please do not call)
Thanks and Best regards,