Hello All, first time posting here.
I need some guidance with a security issue.
Here is a note I took at the time we noticed the attack:
The attack occurred on our client's virtual machine (Debian), which we host on site. This VM is running our client's PBX, and it appears the attacker used an HTTP exploit and weak Elastix code. The intruder created a file in the /var/ directory (e.g., a small shell program, see attached). The attacker has root access to Apache with user privilege 'asterisk'.
This is a link to the PHP file which alerted us to this attack: and it is attached.
We are operating on the assumption that the intruder wanted to gain access and place international phone calls. And we are working to correct this issue.
My question is: what can we do to mitigate this type of security breach in the future?
In this case the PHP file was created with malicious intent and we were caught unaware. We only noticed this attack by chance when manually reviewing log files.
We can configure Snort, or some other IDS, to alert us when files are created in /var/, and create other rules to alert us of suspicious activities and notify our team.
~Thanks
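The post asks for a way to catch a dropped PHP file like this one before it is found by accident in the logs. The script below is an added example, not code from the original post or from Elastix: it is a host-side sweep that walks a web-writable directory, picks out files created after a known-good timestamp, and flags PHP content carrying the usual webshell markers (eval, base64_decode, shell-spawning functions fed straight from request parameters). The web root path, the indicator list and the sample files are all assumptions constructed for the example; the original post does not say which path the attacker wrote to beyond /var/.

```python
"""Sweep a web-writable directory for newly created PHP files that look like
webshells.  Added example, not from the original post or from Elastix.
The indicator list is illustrative (assumption), not exhaustive, and the
sample tree built by build_sample_tree() is constructed for the demo."""
import os
import re
import tempfile

# Typical webshell markers: dynamic code execution, obfuscated payloads,
# shell-spawning functions, request data passed straight into a function.
INDICATORS = [
    (r"\beval\s*\(", "eval()"),
    (r"\bbase64_decode\s*\(", "base64_decode()"),
    (r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", "shell execution function"),
    (r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\)", "request parameter passed straight to a function"),
    (r"\bassert\s*\(\s*\$_", "assert() on request data"),
]

# Extensions Apache would hand to the PHP interpreter plus shell scripts.
SUSPECT_EXTS = (".php", ".phtml", ".php5", ".sh")


def score_php(source: str):
    """Return the names of all indicators matched in a PHP/shell source string."""
    hits = []
    for pattern, name in INDICATORS:
        if re.search(pattern, source, re.IGNORECASE | re.DOTALL):
            hits.append(name)
    return hits


def find_new_files(root: str, newer_than: float, exts=SUSPECT_EXTS):
    """Walk `root` and return files with a suspect extension whose inode
    change time (ctime) is later than `newer_than`, a Unix timestamp such as
    the time of the last known-good review of the web root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, fname)
            try:
                st = os.stat(path)
            except OSError:
                continue  # vanished or unreadable; skip rather than crash
            if st.st_ctime > newer_than:
                found.append(path)
    return sorted(found)


def scan(root: str, newer_than: float):
    """Return {path: [indicator names]} for new files that match at least one
    webshell indicator.  Reads are capped at 1 MB so a huge dropped file
    cannot stall the sweep."""
    findings = {}
    for path in find_new_files(root, newer_than):
        try:
            with open(path, "r", errors="replace") as fh:
                src = fh.read(1_000_000)
        except OSError:
            continue
        hits = score_php(src)
        if hits:
            findings[path] = hits
    return findings


def build_sample_tree():
    """Create a constructed web root with one benign page and two dropped
    shells (samples for the demo, not files from the incident)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.php": "<?php echo 'PBX admin'; ?>\n",
        "uploads/shell.php": "<?php system($_GET['cmd']); ?>\n",
        "tmp/x.php": "<?php eval(base64_decode($_POST['p'])); ?>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # newer_than=0 reports every suspect file; in production pass the
    # timestamp of the last audited state of the web root instead.
    for path, hits in scan(build_sample_tree(), newer_than=0).items():
        print(f"{path}: {', '.join(hits)}")
```

Run it from cron against the real web root with `newer_than` set to the time of the last review, and it turns the "found by chance in the logs" discovery into a scheduled alert. It complements, rather than replaces, a kernel-level watch on the same directory (for example an auditd rule such as `auditctl -w /var/www -p wa -k webshell`, or `inotifywait -m -r -e create /var/www` from inotify-tools, both assumed installed), which fires at write time; the sweep above is what tells you whether the file that appeared is worth waking someone up for.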