Tag Archives: elastix

Elastix 1.5 and 1.6 security vulnerability

If you’re still using Elastix 1.5 or 1.6 (or earlier) then it is critically important that you ensure you are not open to this vulnerability –

http://secunia.com/advisories/41330/

This allows anyone to download a list of extensions and secrets from your Elastix server, no password required! They can then use this information to place expensive calls through your server.

To test whether you are vulnerable, visit the following URLs in a web browser, replacing the IP address with your Elastix server IP –

http://x.x.x.x/modules/extensions_batch/libs/download_csv.php
https://x.x.x.x/modules/extensions_batch/libs/download_csv.php

The easiest way to secure your server against this is to delete the affected file (later releases no longer ship it) –

rm /var/www/html/modules/extensions_batch/libs/download_csv.php

There are active scans on the Internet looking for vulnerable servers.

FreePBX vs A2Billing

When you start looking at control panels for Asterisk it can be difficult to decide what you should be using – FreePBX or A2Billing.

While they are both web GUIs for setting up Asterisk, they are used for different things and which one to choose depends on your needs.

Here is a brief description of both to help you decide –

FreePBX

  • Used for setting up extensions and trunks for inbound and outbound calls
  • Includes lots of features of a traditional PBX – voicemail, IVRs, ring groups, queues etc.
  • Includes Call Detail Records (CDR) that logs all calls, their destination and duration

A2Billing

  • Used for billing for calls
  • Can be used to charge for calling card, sip user or regular outbound calls
  • The heart of A2Billing is the rate cards, which hold the per-minute cost for every destination that is allowed to be called
  • Least cost routing with multiple rate cards with the cheapest route being chosen
  • Admin and customer interfaces

So FreePBX is used to set up Asterisk with the features of a ‘traditional’ PBX, while A2Billing focuses on billing for different types of calls.

It is also possible to combine the two and use A2Billing to account for outbound calls from extensions set up within FreePBX.

A2Billing is more complicated to set up than FreePBX. While it’s possible to set up an extension and trunk in FreePBX and start making calls very quickly, there is quite a learning curve with A2Billing. Managing the rate cards, which hold all destinations and their cost, can be quite complex.

All VPS templates offered by SysAdminMan include FreePBX – SysAdminMan, Trixbox, Elastix and PBX-in-a-Flash.

The following two templates include A2Billing – SysAdminMan and Elastix.

Blocking Asterisk hacking/scanning attempts with fail2ban

Warning – if you follow these instructions fail2ban will, by default, also protect you against other scans, such as SSH attempts. This means that if your own IP gets blocked you will not be able to connect to your server from that IP. Ensure that you whitelist your IP by following the instructions at the end of the post.

Over the past few weeks we have seen a big jump in the scanning of VOIP servers. These are brute-force attempts that first scan for valid extension numbers and then try to guess each extension’s password by repeatedly trying different passwords.

Unfortunately Asterisk doesn’t have anything built-in to prevent these types of scans, but it is very good at logging the attempts in the Asterisk logs. This means we can use a free utility called fail2ban together with the Linux iptables firewall to block IP addresses that make repeated failed login attempts.

Fail2ban is already included in PBX-in-a-Flash but we can also use it with other Asterisk distributions.
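The counting logic that fail2ban applies to these log lines, written out in Python as an added example (not part of the original post or of fail2ban itself): it matches the failed-registration NOTICE lines that chan_sip writes, counts failures per source IP inside a time window, and honours a whitelist so your own IP is never banned. The exact log line format and the IPs in the constructed sample are assumptions; check the regex against your own /var/log/asterisk/full.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Failed-registration lines as chan_sip writes them (format assumed from Asterisk 1.6/1.8 era logs).
FAIL_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*?' failed for '(?P<ip>\d+\.\d+\.\d+\.\d+)(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found|Username/auth name mismatch)"
)

def find_bans(lines, maxretry=5, findtime=600, ignoreip=("127.0.0.1/8",)):
    """IPs with >= maxretry failures inside a findtime-second window, minus ignoreip networks."""
    allow = [ip_network(n, strict=False) for n in ignoreip]
    hits = defaultdict(list)
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                      # not a failed registration
        ip = m.group("ip")
        if any(ip_address(ip) in n for n in allow):
            continue                      # whitelisted: never lock ourselves out
        hits[ip].append(datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"))
    window = timedelta(seconds=findtime)
    banned = []
    for ip, times in hits.items():
        times.sort()
        # sliding window: maxretry consecutive failures no more than findtime apart
        if any(times[i + maxretry - 1] - times[i] <= window
               for i in range(len(times) - maxretry + 1)):
            banned.append(ip)
    return sorted(banned)

def sample_log():
    """Constructed excerpt: scanner 203.0.113.5, user mistyping from 198.51.100.9, admin PC 192.0.2.77."""
    fmt = ("[2011-03-02 10:{m:02d}:{s:02d}] NOTICE[2651] chan_sip.c: Registration from "
           "'\"{ext}\" <sip:{ext}@10.0.0.2>' failed for '{ip}:5060' - {why}")
    lines = ["[2011-03-02 10:14:55] VERBOSE[2651] chan_sip.c: Really destroying SIP dialog '1a2b@10.0.0.2'"]
    for i in range(6):   # six unknown extensions tried within 50 seconds
        lines.append(fmt.format(m=15, s=i * 10, ext=100 + i, ip="203.0.113.5", why="No matching peer found"))
    for i in range(3):   # three wrong passwords, a minute apart
        lines.append(fmt.format(m=16 + i, s=0, ext=1001, ip="198.51.100.9", why="Wrong password"))
    for i in range(6):   # six wrong passwords from the admin's own PC
        lines.append(fmt.format(m=20, s=i * 10, ext=1002, ip="192.0.2.77", why="Wrong password"))
    return lines

if __name__ == "__main__":
    print(find_bans(sample_log(), ignoreip=("127.0.0.1/8", "192.0.2.77/32")))
```

Without the admin PC in the whitelist it would be banned alongside the scanner, which is exactly the lock-out the warning above describes.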


Disabling the OpenFire service in Elastix

Elastix includes an Instant Messenger server called OpenFire. While not enabled by default it is very easy to enable.

What’s not so obvious is how to disable OpenFire if you decide, once you’ve had a look at it, that you don’t want or need to run it. You might want to do this because OpenFire runs on Java, which can be quite memory hungry, and it also opens another point of attack on your server.

The easiest way to disable it is via the command prompt by running –

service openfire stop

chkconfig openfire off

This will also stop it starting automatically when the server is rebooted.

Skype for Asterisk with Elastix

I was about to write a blog post about setting up Skype for Asterisk on Elastix but after searching round on the web I found this great blog post by ‘Bob’ on the Elastix website.

It gives a good walkthrough and screenshots for getting Skype for Asterisk from Digium up and running.

If you do want to install this on your Sysadminman Elastix VPS just open a support ticket first asking for an ‘eth0’ device to be set up, as you’ll need this for the Digium registration process.

Poor audio or music on hold with Trixbox

If you are using Trixbox (or probably any Asterisk distribution) with SIP trunks and the Dahdi dummy driver and experiencing poor audio or music on hold then it may be worth changing the ‘internal_timing’ setting.

This can be set by editing /etc/asterisk/asterisk.conf and making sure that the following 2 lines are present and not commented out (they should not have a ; in front of them) –

[options]
internal_timing = yes

In some cases this can improve the audio quality dramatically.

FreePBX IVR slow to respond

If you’re using FreePBX, or one of the distributions that use it such as Trixbox, Elastix or PBX-in-a-Flash, and are having a problem with IVRs being slow to respond, it is worth checking that you do not have “Enable Direct Dial” enabled for the IVR.

This option allows a caller to dial an extension number rather than an IVR menu option, but it means that FreePBX has to wait to see whether an extension number is being dialled, which can introduce a delay.

If you don’t need callers to be able to dial extensions from an IVR then you can turn this option off.

(Screenshot: FreePBX - disable Enable Direct Dial)

Calculating bandwidth for Asterisk calls

One of the things you need to do when looking for a server to run Asterisk on is figure out how much bandwidth you need for the number of concurrent calls you’re expecting to have.

A great tool for this can be found here – http://www.asteriskguru.com/tools/bandwidth_calculator.php

Just set the codec you’re going to be using (check with your VOIP provider – g.711/ulaw is usual and the highest quality), the connection type (usually SIP or IAX2 with Asterisk) and the number of concurrent calls. It will then display the bandwidth required for that many calls.

One thing to watch out for if you’re planning on mixing codecs (say g.711 on one leg of the call and g.729 on the other) is that your server will have to transcode/convert the audio, which is processor intensive. This may limit the number of concurrent calls your server can handle.

Also don’t forget that if you’re planning on running Asterisk at home your upload speed will normally be a lot slower than the download speed.
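An added example (not from the post or the asteriskguru tool) that does the same arithmetic in Python: per-call bandwidth from the codec bitrate plus RTP/UDP/IP overhead, scaled to the number of concurrent calls, and the reverse calculation of how many calls a home upload link can carry. The codec bitrates and header sizes are the standard textbook figures and are assumptions of this example.

```python
# Standard codec bitrates (kbit/s) and per-packet header sizes; these are the
# usual textbook figures, not values taken from the post or the asteriskguru tool.
CODEC_KBPS = {"ulaw": 64, "alaw": 64, "g722": 64, "g726": 32, "gsm": 13.2,
              "ilbc": 15.2, "g729": 8}
RTP_UDP_IP_BYTES = 12 + 8 + 20   # RTP + UDP + IPv4 headers on every voice packet
ETHERNET_BYTES = 18              # Ethernet header + FCS, add for LAN-side figures

def call_kbps(codec, ptime_ms=20, l2_bytes=0):
    """Bandwidth of one call in ONE direction, in kbit/s, at the given packetisation time."""
    payload_bytes = CODEC_KBPS[codec] * ptime_ms / 8   # audio bytes per packet (ulaw/20ms = 160)
    packets_per_s = 1000 / ptime_ms                    # 20 ms ptime -> 50 packets per second
    return (payload_bytes + RTP_UDP_IP_BYTES + l2_bytes) * 8 * packets_per_s / 1000

def trunk_kbps(codec, calls, **kw):
    """Bandwidth needed in EACH direction for `calls` concurrent calls (double it for duplex)."""
    return call_kbps(codec, **kw) * calls

def max_calls(link_kbps, codec, headroom=0.8, **kw):
    """Concurrent calls a link can carry, keeping 20% headroom for SIP signalling and
    other traffic. At home, pass the (slower) upload speed: that is the limiting direction."""
    return int(link_kbps * headroom // call_kbps(codec, **kw))

if __name__ == "__main__":
    for codec in CODEC_KBPS:
        print(f"{codec:5s} {call_kbps(codec):6.1f} kbit/s per call, "
              f"{trunk_kbps(codec, 10):7.1f} kbit/s for 10 calls, "
              f"{max_calls(1000, codec):3d} calls on a 1 Mbit/s upload")
```

Mixing codecs between the two legs of a call (g.711 on one, g.729 on the other) does not change these numbers, but it forces Asterisk to transcode, so CPU rather than bandwidth becomes the ceiling.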