wardmundy
Nerd Uno
- Joined
- Oct 12, 2007
- Messages
- 19,202
- Reaction score
- 5,224
A user on the trixbox forums has found a rootkit exploit on his server. 
Simple test:
Simple test:
Code:
ls -all /sbin/init.zk
TB Rootkit Exploit Found
- Thread starter wardmundy
- Start date
I admittedly try to avoid any & all things green, and only know about the most recent occurences through other forums/articles/etc... so I took a quick scan of their Open Discussion, and found at the top:
The Beginning of the End
http://www.trixbox.org/forums/trixbox-forums/open-discussion/begining-end-ce
Suprisingly, many of the same people I knew & loved are still there, all in various stages of having given up. I understand 'the mob' aka 'the masses' can be dumb as sheep, but these guys are the ones 'that know' and are intimately aware. I suppose things become self-evident to people at different levels of obviousness, lol.
A very long, but interesting read... nothing different than what so many were saying this time last year I suppose.
The Beginning of the End
http://www.trixbox.org/forums/trixbox-forums/open-discussion/begining-end-ce
Suprisingly, many of the same people I knew & loved are still there, all in various stages of having given up. I understand 'the mob' aka 'the masses' can be dumb as sheep, but these guys are the ones 'that know' and are intimately aware. I suppose things become self-evident to people at different levels of obviousness, lol.
A very long, but interesting read... nothing different than what so many were saying this time last year I suppose.
A user on the trixbox forums has found a rootkit exploit on his server.
Simple test:
Code:ls -all /sbin/init.zk
the trixbox link returns a page not found error for me...
For hacks, rootkits, ect, how much is truly the blame of fonality platform vs. poor network security (operator fault)? Is there something inherently more insecure in trixbox vs PiaF, Elastix, Switchvox, ect???
PiaF has done a good job being proactive on adding security features like fail2ban and setting IP Tables into the distribution, but if an operator choses to turn these features off, the system is as vulnerable as the next. Right?
A user on the trixbox forums has found a rootkit exploit on his server.
Simple test:
Code:ls -all /sbin/init.zk
That page is gone.
wardmundy
Nerd Uno
- Joined
- Oct 12, 2007
- Messages
- 19,202
- Reaction score
- 5,224
Interesting. It appears the thread was deleted about the time California got to work this morning. That's one way to handle security threats, I suppose. Here's what's left of it on Google...
Rootkit Found on my Trixbox Server | trixbox
Jan 26, 2009 ... A quick Google turned up many hints that this was rootkit related. I ran rootkit hunter, but this turned up nothing. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 4 hours ago - Similar pages -
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... On further checking, I found evidence of the zk rootkit - eg: an init.zk file in /sbin. At this point I just started a reinstall - which took all of about 30 mins, including a config restore. Now, this server is behind a hardware firewall with no general access and the only ports open are those for SIP, RTP and IAX2. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... So I get in via this and get root via vmsplice and then suddenly Bob's your uncle and the box isn't yours anymore. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... SIP and IAX2 exploits are from 2007, there has been an information disclosure weakness in IAX2 too, which has been announced some days ago. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... The vmsplice 'exploit' requires user rights to execute code on the box, that requires access either locally or remotely. ... aka "Skyking".
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
And then there's this result from donbusca.com:
Rootkit Found on my Trixbox Server | trixbox
Jan 26, 2009 ... A quick Google turned up many hints that this was rootkit related. I ran rootkit hunter, but this turned up nothing. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 4 hours ago - Similar pages -
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... On further checking, I found evidence of the zk rootkit - eg: an init.zk file in /sbin. At this point I just started a reinstall - which took all of about 30 mins, including a config restore. Now, this server is behind a hardware firewall with no general access and the only ports open are those for SIP, RTP and IAX2. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... So I get in via this and get root via vmsplice and then suddenly Bob's your uncle and the box isn't yours anymore. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... SIP and IAX2 exploits are from 2007, there has been an information disclosure weakness in IAX2 too, which has been announced some days ago. ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
Rootkit Found on my Trixbox Server | trixbox
- 3:22pmJan 26, 2009 ... The vmsplice 'exploit' requires user rights to execute code on the box, that requires access either locally or remotely. ... aka "Skyking".
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago
And then there's this result from donbusca.com:
- Rootkit Found on my Trixbox Server | trixbox
Rootkit Found on my Trixbox Server. linker3000. Posts: 106. Member Since: 2006- 06-08. Submitted by linker3000 on Mon, 01/26/2009 - 6:03am. Hi Folks, ...
www.trixbox.org/forums/trixbox-forums/open-discussion/rootkit-found-my-trixbox-server - 5 hours ago - PBX in a Flash Forum - Search Results
A user on the trixbox forums (http://www.trixbox.org/forums/trixbox-forums/open- discussion/rootkit-found-my-trixbox-server) has found a rootkit exploit on ...
www.pbxinaflash.com/forum/search.php?do=finduser&userid=1&searchthreadid=3233 - 3 hours ago - Recent posts | trixbox
Forum topic, Rootkit Found on my Trixbox Server, linker3000, 5, 3 min 25 sec ago . Forum topic, GUI not installed properly, talawson, 3, 3 min 48 sec ago ...
www.trixbox.org/tracker - Linux.com :: Mystery infestation strikes Linux/Apache Web sites
We haven't found a good answer yet for disinfecting compromised servers, ..... It happened to my server. All file under /bin were replaced. .... This software asked where the trixbox is and then asked for the root password to it. .... AVG now has a free RootKit detection program for Windows but not Linux yet. ...
www.linux.com/feature/125548 - Missing Posts | trixbox
How to file a bug report Rootkit Found on my Trixbox Server ›. --. Michael Mathewson CCNA,MCSE Owner/Consultant Northeast CT IT Solutions ...
www.trixbox.org/forums/trixbox-forums/open-discussion/missing-posts - 5 hours ago - Complete System Sweep - An all-in-one performance suite. Instantly ...
I was having alot of trouble getting a freepbx server to register with my voip provider so I switched to 3cx and haven't looked back. It was easy to. ...
complete-system-sweep.qarchive.org/ - T38 working....but not in the way I wish | trixbox
Jan 26, 2009 ... When trixbox send the re-invite with T38 is sending the IP address of the VG ... Rootkit Found on my Trixbox Server Error after upgrade › ...
www.trixbox.org/forums/trixbox-forums/open-discussion/t38-workingbut-not-way-i-wish - 3 hours ago
The Deacon
Guru
- Joined
- Jan 29, 2008
- Messages
- 296
- Reaction score
- 14
Hmmm.... uh-huh... sure
Looks like most of the copies are gone from the Google cache, but here is an interesting post on the green box forum that "explains" the missing messages & other such mysteries of the universe...
http://www.trixbox.org/forums/trixbox-forums/open-discussion/missing-forum-posts-and-downtime-issues
Unbelievable.
Looks like most of the copies are gone from the Google cache, but here is an interesting post on the green box forum that "explains" the missing messages & other such mysteries of the universe...
http://www.trixbox.org/forums/trixbox-forums/open-discussion/missing-forum-posts-and-downtime-issues
Unbelievable.
Forum statistics
Get 3CX - Absolutely Free!
Link up your team and customers 
Phone System Live Chat Video Conferencing
Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.
Verify your Email
Check your inbox!
We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).
Upon verification you will be directed to the 3CX setup wizard.