Archive for September, 2008

How Not to Configure Asterisk

September 29th, 2008

This must be blogged - all I can say is “Holy Shit!”

An Asterisk box I had set up for a client with ~ 10 extensions was compromised this morning at about 12 AM… and they really did a number on it.  I apologize if you were a victim of this attack; however, there was really no way of telling it was happening until it was too late.

Over 2000 “phishing” calls were placed over the past 20 hours, the majority of them during extremely late hours and to only a small group of numbers - meaning a lot of repeat calls…  My inbox quickly filled with pissed off voicemails from Texas residents - once the server was taken down.

Now a DDoS attack is bad, but can generally be fixed - A web site’s content being compromised is worse - but when hundreds of people are being called late at night asking for their VISA card numbers: That’s a tragedy!

I have taken down the server and have a feeling it was compromised via the Flash Operator Panel which no one ever uses, but the last logs were not cleared and the bash history looked like mine - so it must have been some type of web based attack.  I am downloading the VM to test locally so I can figure out exactly what happened and why, so it will never happen again.

A word of warning to people hosting any type of streaming application / telephony service - LOCK DOWN your shit to the max! A website is visited by choice - a phone call while you are asleep is intrusion, BE CAREFUL!

On a positive note - VoipYourLife is a super wicked VoIP provider for home / business - they had no problem shelling out 2000 calls in < 20 hours - I strongly recommend them!

Hacks

Hak5 Could be a Good Podcast

September 25th, 2008

I don’t know if you caught the promo for Hak5 on Diggnation, but it looked pretty cool.  I was excited to check out Revision3’s newest addition based on the advertised topics and content, unfortunately I was extremely disappointed.

The show could be awesome - they have a great setup and occasionally hint at neat new ideas; however, I have a couple of problems with it.

  • Darren talks too much and is extremely repetitive.
  • The beer drinking looks forced, plus it’s overdone.
  • No one cares about Windows… or its limitless insecurities/vulnerabilities. This seems to be the topic of every show.
  • Everyone looks so uncomfortable, and they try WAY too hard to be funny… FAIL.
  • I think Shannon was hired as an equal opportunity employee, that or to get female viewers, regardless she is misinformed (I am not trying to be mean).
  • The “Hamster Dance” song should not be played anywhere but the deepest reaches of hell.

I could go on forever but there is something about it that makes me watch every week, I cannot explain why (so they must be doing something right).  I really wish these guys would cover more interesting topics such as Asterisk, IPTables, Bind or NAS and stop trying to be funny! It is not working.  Otherwise it is a lot of fun.

Uncategorized

Buildr - A Graphical CSS Tool

September 23rd, 2008

After playing with SquareSpace I was inspired to begin development on my own jQuery driven WYSIWYG CSS Tool.  It is in its infant stages; however, I think this would be a wicked addition to Launchr, so I will continue to play with it in my spare time until I get it right…

I made a quick screencast last week to show a friend what it can do, but since you are all friends I thought maybe I should show you all as well.  Like I said it is a new born, but it will grow!  I have the help of a fellow developer if he can ever find the time away from C++ and ASP.

Click here to watch the demo video (quicktime .mov).

Hopefully we will have an open version available to you guys to experiment with within the next few weeks.

Programming

Launchr Launched - Product Launch Made Simple!

September 23rd, 2008

Launchr is a new project of mine created late one night for a friend who needed to capture emails for a major book promotion.  He pretty much just needed to be able to create a landing page, another page to thank the user for signing up and he wanted to be able to write a message to be automatically sent to the user after submitting their email.

Well the project just took off and the momentum was ridiculous. I finished writing a working version in a few hours - then skimmed over it the next day and decided to expand on the idea, it is now a wicked little marketing app!

Anyway, if you are interested in receiving a pre-release copy, submit your email and give it a whirl!  It won't cost you anything and I promise no spam.

Products, Programming

Screw your Mobile Carrier - Part 2

September 23rd, 2008

Last night while reading through some interesting articles at nerdvittles.com I stumbled upon a wicked little Asterisk PHPAGI script for web initialized inbound calling with Callback and DISA.

I added a form to the code because it was basic and only accepted phone numbers from the GET string; however, it pretty much works perfectly out of the box.  What it does is allow you to enter a phone number in an input box and passes it to a custom extension that calls the number with a dial tone.

With any free incoming cell phone plan, you can imagine how much money you can save - especially with long distance!

Link to original code. 

Very cool!
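
Since the form hands a user-supplied number to Asterisk, here is an added sketch (not the nerdvittles script or the code from this post) of validating that number before building an Asterisk call file for the callback. The trunk name, the context name, and the area-code denylist are assumptions for illustration.

```php
<?php
// Added example. TRUNK, CONTEXT and the denylist are hypothetical values.
const TRUNK   = 'SIP/provider';   // assumed outbound trunk
const CONTEXT = 'callback-disa';  // assumed dialplan context that runs DISA() with a PIN

/** Return a normalized 11-digit NANP number, or null if the input is not allowed. */
function normalize_callback_number(string $raw): ?string
{
    // Reject control characters: a CR/LF would inject extra lines into the call file.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Strip common formatting only; anything else left over fails the digit check.
    $digits = preg_replace('/[\s().+-]/', '', $raw);
    if (!preg_match('/^1?([2-9]\d{2})([2-9]\d{6})$/D', $digits, $m)) {
        return null;
    }
    // Block premium-rate and high-toll area codes (constructed sample denylist).
    if (in_array($m[1], ['900', '809', '876'], true)) {
        return null;
    }
    return '1' . $m[1] . $m[2];
}

/** Build the text of an Asterisk call file for an already validated number. */
function build_call_file(string $number): string
{
    return implode("\n", [
        'Channel: ' . TRUNK . '/' . $number,
        'MaxRetries: 0',
        'WaitTime: 30',
        'Context: ' . CONTEXT,
        'Extension: s',
        'Priority: 1',
    ]) . "\n";
}

// Constructed sample inputs, as they might arrive from the form field.
$samples = ['(214) 555-0142', "2145550142\nContext: from-internal",
            '1-900-555-0199', '011442071234567'];
foreach ($samples as $raw) {
    $n = normalize_callback_number($raw);
    echo json_encode($raw), ' => ',
         $n === null ? 'REJECTED' : "accepted\n" . build_call_file($n), "\n";
}
```

Only the first sample is accepted; the newline-injection, premium-rate and international inputs are rejected. In a real deployment the call file is written to a temporary location and then moved into Asterisk's outgoing spool directory, and the form itself sits behind authentication.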

Hacks, How-To