FYI Security Threat Resolved

Status
Not open for further replies.

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199

Following a root exploit on a FreePBX server, we received what appears to be a threat to penetrate or compromise either one of our servers or those belonging to our customers, users, or infrastructure (SourceForge). We take such threats seriously.

We would strongly advise all of our users to take the necessary steps to shut down web access to all of your servers and to implement a firewall immediately if you do not already have one.

CRofNrWW0AAt1Tu.jpg


In light of strong evidence suggesting a cozy relationship with certain members of the FreePBX Development Team, it makes the threats all the more concerning. It's one thing to hack your own computer at the request of a developer. It's quite another to threaten to do it to others.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199


We have received a couple of emails from @0x00string since this alert was posted. Based upon his apology and further independent research, we are closing this security alert notification. We would, of course, encourage everyone to keep a secure firewall in place with a whitelist that minimizes the opportunities for unlawful access to your server(s). All Certified Incredible PBX servers have this by default. On PIAF servers, you can add it by installing Travelin' Man 3.

What some don't appreciate is the tremendous waste of time and resources that comments like those posted above cause. As any lawyer would advise... Don't yell fire in a crowded theater. And don't boast about hacking into servers with reckless comments about who you plan to target next. You will note that there was no mention that the compromised server actually belonged to @0x00string. Hopefully, @0x00string will choose his words more carefully in the future.
 
Status
Not open for further replies.

Members online

Forum statistics

Threads
25,779
Messages
167,505
Members
19,199
Latest member
leocipriano
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top