[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

Brian West brian at freeswitch.org
Wed Mar 15 00:07:20 MSK 2017


this is kinda why mod_fail2ban exists! :). FusionPBX installs and
configures it out of the box and is VERY effective.

/b


On Tue, Mar 14, 2017 at 5:05 PM, acheraime . <acheraime at gmail.com> wrote:

> Agreed!
>
> One practice that I would highly recommend any one to stay away from is
> using numeric extension number "1001" as sip username and dictionary based
> passwords.
>
>
> On Tue, Mar 14, 2017 at 4:57 PM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
>> btw the problem is always with users/customers that change the demo
>> password "1234" (where there is a delay of 10 seconds put there by this
>> purpose)  to something like "password".
>>
>> And what I can do about this?
>>
>> I will put a safeguard against silly passwords, and you will make the
>> effort to circumvent also that safeguard because "is easier for my users"?
>>
>> On 14 March 2017 at 21:56, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>
>>> NO, the default password of the demo configuration is just that, a
>>> DEFAULT password of a DEMO configuration.
>>>
>>> That is meant to DEMO just OUT OF THE BOX
>>>
>>> So, it must stay this way, because it just works, and is a demo
>>>
>>> Then, if you put a demo in production, the problem is between the
>>> monitor and the seat, not in the software
>>>
>>> On 14 March 2017 at 21:46, David Villasmil <
>>> david.villasmil.work at gmail.com> wrote:
>>>
>>>> Make the default password very obscure ramdomized on the fly... that
>>>> way people will be crying because they can't figure out a password instead
>>>> of having noobies hacked :)
>>>>
>>>> On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <
>>>> mirkobrankovic at gmail.com> wrote:
>>>>
>>>>> Indeed ;)
>>>>>
>>>>> On Mar 14, 2017 20:38, "Antonio Silva" <asilva at wirelessmundi.com>
>>>>> wrote:
>>>>>
>>>>> almost... until the user to test set userid = password ... and forget
>>>>> to change it... ops... hacked...
>>>>>
>>>>> it's all about good practices.
>>>>>
>>>>> Regards,
>>>>> António
>>>>>
>>>>> On 03/14/2017 07:39 PM, Mirko Brankovic wrote:
>>>>>
>>>>> Cance default password to uuid(), so every new install will get random
>>>>> one ... Bulletproof :°D
>>>>>
>>>>> On Mar 14, 2017 19:30, "Brian West" <brian at freeswitch.org> wrote:
>>>>>
>>>>> This is exactly what prompted me to put the FOUR LINE CRIT statement
>>>>> when the default password isn't changed along with a 10 second delay before
>>>>> proceeding.  Still I see questions posted about the 10 second delay and
>>>>> asking what it means. Not sure how to make it more clear.
>>>>>
>>>>> /b
>>>>>
>>>>>
>>>>> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <
>>>>> gmaruzz at gmail.com> wrote:
>>>>>
>>>>> Is nice because they mention FreeSWITCH in the tag of the link, but
>>>>> the link is about FreePBX.
>>>>>
>>>>> Anyway, it's true: if you do not use the standard security practice,
>>>>> and leave your FreeSWITCH with standard password "1234", or maybe you
>>>>> change the standard password to "password", you probably will be hacked,
>>>>> and phone calls will be originated from your FreeSWITCH that you do not
>>>>> want to originate.
>>>>>
>>>>> But, man, that's what you, and me, and anyone is expecting.
>>>>>
>>>>> Also, please do not drive wrong way in the autobahn :))
>>>>>
>>>>> -giovanni
>>>>>
>>>>>
>>>>> On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>>>>>
>>>>> Thought some may be interested in this. I first saw it today via Apple
>>>>> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
>>>>> mentioned twice.
>>>>> http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-
>>>>> anonymous-phone-calls-pdx-hacking
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Sincerely,
>>>>>
>>>>> Giovanni Maruzzelli
>>>>> OpenTelecom.IT
>>>>> cell: +39 347 266 56 18
>>>>>
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Brian West*
>>>>> brian at freeswitch.org
>>>>>
>>>>> *Twitter: @FreeSWITCH , @briankwest*
>>>>>
>>>>> http://www.freeswitchbook.com
>>>>> http://www.freeswitchcookbook.com
>>>>>
>>>>> Allison prompts for FreeSWITCH:
>>>>>
>>>>> *https://www.gofundme.com/allison-prompts-for-freeswitch*
>>>>> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>>>>>
>>>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>>>
>>>>> *T:*+19184209001 <+1%20918-420-9001> | *F:*+19184209002
>>>>> <+1%20918-420-9002> | *M:*+1918424WEST (9378)
>>>>> *Skype:*briankwest
>>>>>
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services: consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://confluence.freeswitch.orghttp://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>>>>>
>>>>>
>>>>>
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>> ____________________________________________________________
>>>>> _____________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>>> switch-users
>>>>> http://www.freeswitch.org
>>>>
>>>>
>>>> ____________________________________________________________
>>>> _____________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>>> switch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Sincerely,
>>>
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>>
>>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
>
> *Adolphe CHER-AIME*
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 

*Brian West*
brian at freeswitch.org

*Twitter: @FreeSWITCH , @briankwest*

http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Allison prompts for FreeSWITCH:

*https://www.gofundme.com/allison-prompts-for-freeswitch*
<https://www.gofundme.com/allison-prompts-for-freeswitch>

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170314/5e59c92f/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list