We are currently detecting a growing attack on Elastix PBX systems. The symptom we see is that the affected PBX is being used to make outgoing calls. It also uses a huge amount of CPU.

Our staff may send you a ticket notification regarding high CPU usage. If you receive this ticket and use Elastix, please check the following to find out whether you are affected.

1.  Type iptables -nL. If your iptables is off or has ports 80 and 443 open, you are most likely affected.
2.  Check your /tmp folder for the existence of an mgtest file. Type ls -al /tmp/mgtest*
3.  You can also search your log files: grep mgtest /var/log/httpd/*. You may see log entries at or around the time the mgtest files were created.
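
The three checks above can be combined into one triage script. This is an added example, not a script we ship or run on your PBX; the function names, the verdict strings and the --live switch are this example's own, and the sample data in demo() is constructed.

```shell
#!/bin/sh
# Added example. "mgtest", /tmp and /var/log/httpd come from the advisory.

# Check 1: reads `iptables -nL` output on stdin. Heuristic: "exposed" when the
# INPUT chain has no rules (firewall off) or accepts tcp/80 or tcp/443 from
# any source. It does not model rule order or multiport rules.
check_firewall() {
    awk '
        /^Chain /                         { in_input = ($2 == "INPUT"); next }
        !in_input || /^target/ || NF == 0 { next }
        { rules++ }
        $1 == "ACCEPT" && $4 == "0.0.0.0/0" && /dpt:(80|443)( |$)/ { web = 1 }
        END { if (rules == 0 || web) print "exposed"; else print "filtered" }'
}

# Check 2: list mgtest* files in directory $1, one per line.
find_mgtest() {
    for f in "$1"/mgtest*; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
}

# Check 3: count log lines in directory $1 that mention mgtest.
count_log_hits() {
    cat "$1"/* 2>/dev/null | grep -c mgtest || true
}

# Verdict on stdout, details on stderr. Firewall listing on stdin,
# $1 = tmp directory, $2 = log directory.
triage() {
    fw=$(check_firewall); files=$(find_mgtest "$1"); hits=$(count_log_hits "$2")
    echo "firewall=$fw log_hits=$hits files=${files:-none}" >&2
    if [ -n "$files" ] || [ "$hits" -gt 0 ]; then echo "indicators-found"
    elif [ "$fw" = exposed ]; then echo "exposed-no-indicators"
    else echo "no-findings"; fi
}

# Offline run on constructed sample data (not taken from a real system).
demo() {
    d=$(mktemp -d); mkdir "$d/tmp" "$d/log"; : > "$d/tmp/mgtest.1"
    echo '203.0.113.7 - - [11/Nov/2013:03:12:45 -0500] "GET /?q=mgtest HTTP/1.1" 200 5' > "$d/log/access_log"
    printf 'Chain INPUT (policy ACCEPT)\ntarget prot opt source destination\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80\n' \
        | triage "$d/tmp" "$d/log"
    rm -rf "$d"
}

# On the PBX, as root: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then iptables -nL | triage /tmp /var/log/httpd; fi
```

A verdict of exposed-no-indicators means the web ports are reachable but no mgtest file or log entry was found; the web interface should still be closed off.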

What we have done.

1.  If our staff sees this issue and has cycles to investigate further, they will review the PBX per the steps above. If we determine that the HTTP and HTTPS ports are open, we will modify your firewall and close them. Our staff will reboot the PBX. This is to stop the outgoing calls as soon as possible.

2.  If your firewall rules are empty or very different from the original ones, our staff will send you a ticket/email. Since this is an unmanaged system, we cannot study your firewall setting preferences in detail. You should immediately attend to your PBX and make sure that your web interface is protected.

This is also a good time to review our security recommendations: http://www.rentpbx.com/support/knowledgebase/44/Closing-access-to-Web-Configuration.html


Monday, November 11, 2013
