by Zaraab » Wed May 05, 2021 10:44 pm
I don't know what's wrong because I have inputted the standard cronjobs in the crontab. But it seems like after one or two days, my crontab shows to be empty.
The crontab shows like below
* * * * * /tmp/ast
~
"/tmp/crontab.EeReUx" 1L, 19C
And also my CPU load in the admin panel of VICIdial shows something like 400-100%
What might be wrong please?
A VICIDIAL ENTHUSIAST
OS BASED LEARNING : CentOS - openSUSE
INSTALLATION METHODS : MOSTLY SCRATCH & STD INSTALLATION WITH .ISO
HELP - BELIEVE - INNOVATE
-
Zaraab
-
- Posts: 151
- Joined: Fri May 22, 2020 1:21 pm
by GenXOutsourcing » Thu May 06, 2021 4:00 pm
You have been HACKED........
A client came to me with the same, their load was very high and the dialer was not working.
There are files all over the place, the /tmp/ast and the /root/.ssh/authorized_keys and even an /etc/initd
Took about 3hrs to find all of it.
Built too many to count, Alma Scratch install, Opensuse Scratch install, Centos8 Scratch install, etc.
Dual 8 core/32gb RAM/500gb SSDs
SVN Version:3878
genxoutsourcing.com
-
GenXOutsourcing
-
- Posts: 123
- Joined: Sun Sep 22, 2019 12:53 am
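A triage check for the pattern reported in this thread, a cron job that runs a program out of /tmp. This is an added example, not code from any poster or from the VICIdial project, and the benign job paths in the sample are hypothetical. It goes slightly beyond the single `/tmp/ast` line by also covering /var/tmp and /dev/shm, `@reboot` entries and the system crontab format with a user field.

```python
import re
import shlex

# World-writable locations where legitimate cron jobs rarely keep programs.
TEMP_PATH = re.compile(r"^/(tmp|var/tmp|dev/shm)([/;&|]|$)")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
REDIRECTS = {">", ">>", "2>", "2>>", "<"}

def cron_command(line, system=False):
    """Return the command part of one crontab line, or None for blanks,
    comments and VAR=value lines. system=True selects the /etc/crontab
    layout, which carries a user field before the command."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    skip = 1 if line.startswith("@") else 5  # @reboot etc. vs five time fields
    if system:
        skip += 1
    parts = line.split(None, skip)
    return parts[skip] if len(parts) > skip else None

def suspicious_entries(crontab_text, system=False):
    """Return [(line_number, command)] for jobs that run or reference a path
    in a temp directory. Plain output redirections to such a path are ignored."""
    hits = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        cmd = cron_command(line, system)
        if cmd is None:
            continue
        try:
            tokens = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = cmd.split()
        prev = ""
        for tok in tokens:
            if TEMP_PATH.match(tok) and prev not in REDIRECTS:
                hits.append((n, cmd))
                break
            prev = tok
    return hits

# Constructed sample; only the last line is taken from the thread.
SAMPLE = """# constructed sample crontab
MAILTO=""
* * * * * /usr/local/bin/example_job.pl -q > /tmp/example.log 2>&1
@reboot /usr/local/bin/example_start.sh
* * * * * /tmp/ast
"""

if __name__ == "__main__":
    for n, cmd in suspicious_entries(SAMPLE):
        print(f"line {n}: {cmd}")
```

Feed it the output of `crontab -l` for each user, and the contents of `/etc/crontab` with `system=True`.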
by Zaraab » Fri May 07, 2021 12:21 am
So vicidial is subjected to a hack?
and what did you find after 3hrs?
by mflorell » Fri May 07, 2021 6:55 am
Just about any Internet-facing server can get hacked, and there is no 100% safe way to recover a server from a hack like that other than completely wiping the server and installing everything over again.
The best way to make sure the server is not hacked again is to: use long passwords, implement a strict firewall and keep the software on the server updated.
-
mflorell
- Site Admin
-
- Posts: 18406
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
by GenXOutsourcing » Fri May 07, 2021 10:47 am
Zaraab wrote:So vicidial is subjected to a hack?
and what did you find after 3hrs?
It is/was crypto mining.
But as Matt said, the ONLY way to be 100% sure, is to reinstall.
What I did was an emergency for the client, and I am waiting for them to decide when I can reinstall their system. Yes, it's working......... is it clean and secure........ I doubt it.
by carpenox » Fri May 07, 2021 11:17 am
Check out my blog for securing your VICIdial server: the.cyburhacker.com
Alma Linux 9.5 | SVN Version: 3920 | DB Schema Version: 1725 | Asterisk 18.26.0 | PHP8
https://dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WA: +19549477572
DC: https://discord.gg/DVktk6smbh -:- TG: https://t.me/+wkDmkF9U4aUxOGYx
-
carpenox
-
- Posts: 2595
- Joined: Wed Apr 08, 2020 2:02 am
- Location: St Petersburg, FL
-
by Zaraab » Wed May 12, 2021 6:06 am
mflorell wrote:Just about any Internet-facing server can get hacked, and there is no 100% safe way to recover a server from a hack like that other than completely wiping the server and installing everything over again.
The best way to make sure the server is not hacked again is to: use long passwords, implement a strict firewall and keep the software on the server updated.
Hey Matt, thank you so much for a heads-up!
So basically the server is in Oracle Cloud, and Oracle Cloud has a highly restricted way to SSH access or connect to their servers. It's strictly bound to their VCNI and SSH key matches.
Is there something like a backdoor through which my server has been hacked because I scratch installed it?
by mflorell » Wed May 12, 2021 6:29 am
I have no idea, I'm not familiar with the Oracle cloud at all, and we only use OpenSuSE, so any other distro would have other vulnerabilities that I'm not familiar with.