Jump to content

Passwords in default domain


John

Recommended Posts

Hello,

 

as you know we operate the hosted edition. Two accounts in the default domain pbx.company.com (localhost) gotten hacked. We have never used these accounts, we didn't even knew the sip passwords until after the incident

 

Are the sip passwords for the extensions in the default domain the same after each installation or are they generated randomly? Because it is unlikely the intruders acquired them through a brute force attack since we have set an ip to be blocked for a week after three unsuccesful registration attempts.

 

Thanks

John

 

 

Link to comment
Share on other sites

Yes by default the PBX generates a pretty random password. If the account got hacked, it would be highly unlikely that this was because the passwords were too weak. Maybe they were a left over from an old installation where passwords were like 40/40 and so on, which is pretty easy to hack. We strongly suggest to set the medium password policy; then you will be able to see what accounts have weak passwords and ask them to change it.

Link to comment
Share on other sites

This isn't the case for us, the base installation was 5.1.3 which already included password policy (and I think medium is the default value).

 

Is there any other way we can find more info about the incident apart from the log in /var/log/snomONE?

Link to comment
Share on other sites

If you log to the file system (including the $ placeholder for the date), you would have a 3 day log history where you could try to dig out details. And if you receive emails on important events you might see that someone was blacklisted because of too many unauthorized attempts, containing more information. I would suggest that you at least set up the email reporting, because this is a cheap, focused reporting on important events and if you set up a rule in your email program then you can move it into the right folder for potential later follow-up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...