
Help Security Concern Goautodial

Posted: Wed Nov 19, 2014 9:14 pm
by xenia2608
Help needed.
Server specification:
GOautodial CE 3.3 Build: 140608-8000
Vicidial 2.9 RC1 (2.9.441a)
Asterisk 1.8.23
DAHDI Tools Version - 2.6.1
Distro name: Single Cloud Server CentOS release 5.11 (Final)
Kernel Version 2.6.18-398.el5 (SMP)
Processors 4
Model Intel(R) Xeon(R) CPU E5-2630L v2 2.40GHz
CPU Speed 2.4 GHz
RAM: 8GB
Cache size: 4096 KB

I have installed GoAutoDial on a cloud server, and it's in production mode. Everything is working fine, but I always get worried about security, even after a good iptables rule. I was just going through some sections of GoAutoDial and found that we can still access the VICIDIAL default GUI. But then I tried to access agc, and each and every file within the folder was publicly available. There are some folders which are accessible through the URL.

/var/www/html/agc : /ipaddress/agc
/var/www/html/vicidial : /ipaddress/vicidial
Is it safe to leave these folders as they are, or should I implement some sort of restriction to disable public access to these folders?
First I thought to put an index file in all the folders wherever it's not present, or restrict the directory permissions to root only.
GoAutoDial uses port 443 for the web interface, so can I also close port 80 to prevent any direct access to GoAutoDial or any of its directories? At least in this way I will be able to reduce some of the crackers' load on my server.
Should I go with the above steps or not?
Thanks

Re: Help Security Concern Goautodial

Posted: Thu Nov 20, 2014 6:39 pm
by gardo
If you don't want those folders publicly accessible, you can just change their permissions or remove them from the web server's root directory. You can also add an index file so that the directory is not browsable.

Since your server is hosted, it's best to use HTTPS instead of HTTP so web traffic is encrypted.

Re: Help Security Concern Goautodial

Posted: Fri Nov 21, 2014 9:15 am
by xenia2608
I tried to block all incoming traffic to port 80 using an iptables rule, but it seems it's not working.
I can still access the web agent portal using port 80, and I have even checked the open ports on my server and it still says port 80 is open.

Can you please give me iptables rules to block incoming traffic on port 80, and is it OK if I block outgoing traffic on port 80 as well?
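
Added example, not part of the thread: iptables walks a chain top-down and stops at the first matching ACCEPT, DROP or REJECT, so one common reason a port 80 block appears to do nothing is that the DROP was appended after an existing ACCEPT. The script below reads `iptables-save` output and reports which INPUT rule decides a new TCP connection to a port; both rulesets are constructed samples, and it assumes a single INPUT chain (jumps to user-defined chains are not followed, and rules with interface or source matches are ignored).

```shell
#!/bin/sh
# Prints "<rule number> <target>" for the first INPUT rule that a new inbound
# TCP connection to port $1 would hit, or "policy <target>" if none decides it.
# Input: iptables-save output on stdin.
first_verdict() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2; next }            # chain policy line
    $1 != "-A" || $2 != "INPUT" { next }            # only INPUT rules
    {
        n++; proto = "all"; lo = hi = port; target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m") i++                 # module name, e.g. "-m tcp"
            else if ($i == "-j") { target = $(++i); break }
            else if ($i == "--dport") {
                split($(++i), r, ":"); lo = r[1]; hi = (r[2] != "") ? r[2] : r[1]
            }
            else if ($i == "--state") { if ($(++i) !~ /NEW/) skip = 1 }
            else skip = 1                            # -i, -s, ...: conditional rule, ignored
        }
        if (skip || (proto != "tcp" && proto != "all")) next
        if (port + 0 < lo + 0 || port + 0 > hi + 0) next
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print n, target; found = 1; exit }
    }
    END { if (!found) print "policy " policy }'
}

# Constructed ruleset: the DROP was appended (-A) after an existing ACCEPT.
APPENDED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
COMMIT'
# Same rules with the DROP first, as "iptables -I INPUT 1 ..." would place it.
INSERTED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'
printf '%s\n' "$APPENDED" | first_verdict 80    # 3 ACCEPT
printf '%s\n' "$INSERTED" | first_verdict 80    # 1 DROP
```

On a live server the same check can be fed from `iptables-save | first_verdict 80` run as root.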