Help Security Concern Goautodial

General and Support topics relating to ViciDialNow and GoAutoDial ISO installers


Post by xenia2608 » Wed Nov 19, 2014 9:14 pm

Help needed.
server specification:
GOautodial CE 3.3 Build: 140608-8000
Vicidial 2.9 RC1 (2.9.441a)
Asterisk 1.8.23
DAHDI Tools Version - 2.6.1
Distro name: Single Cloud Server CentOS release 5.11 (Final)
Kernel Version 2.6.18-398.el5 (SMP)
Processors 4
Model Intel(R) Xeon(R) CPU E5-2630L v2 2.40GHz
CPU Speed 2.4 GHz
RAM:8GB
cache size:4096 KB

I have installed GoAutoDial on a cloud server, and it's in production mode. Everything is working fine, but I always get worried about security, even after a good iptables rule. I was just trying to get through some sections of GoAutoDial and found that we can still access the VICIDIAL default GUI. Then I tried to access agc, and each and every file within the folder was publicly available. There are some folders which are accessible through the URL:

/var/www/html/agc : /ipaddress/agc
/var/www/html/vicidial : /ipaddress/vicidial
Is it safe to leave these folders as they are, or should I implement some sort of restriction to disable public access to these folders?
At first I thought of putting an index file in all the folders where one is not present, or restricting the directory permissions to root only.
GoAutoDial uses port 443 for the web interface, so can I also close port 80 to prevent any direct access to GoAutoDial or any of its directories? At least this way I will be able to reduce some of the crackers' load on my server.
Should I go with the above steps or not?
Thanks
VERSION: 2.14-719a BUILD: 190930-2110 |Asterisk 13.27.0-vici|
|1xDatabase-Standalone|
RAM:16GB DDR4 2133 MHZ|SSD:256 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
|1xWeb and Telephony|
RAM:16GB DDR4 2133 MHZ|SSD:512 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
xenia2608
 
Posts: 31
Joined: Wed Nov 19, 2014 4:39 pm

Re: Help Security Concern Goautodial

Post by gardo » Thu Nov 20, 2014 6:39 pm

If you don't want those folders publicly accessible, you can just change their permissions or remove them from the web server's root directory. You can also add an index file so that the directory is not browsable.

Since your server is hosted, it's best to use HTTPS instead of HTTP so web traffic is encrypted.
http://goautodial.com
Empowering the next generation contact centers
gardo
 
Posts: 1926
Joined: Fri Sep 15, 2006 10:24 am
Location: Manila, 1004

Re: Help Security Concern Goautodial

Post by xenia2608 » Fri Nov 21, 2014 9:15 am

I tried to block all incoming traffic to port 80 using an iptables rule, but it seems it's not working.
I can still access the web agent portal using port 80, and I have even checked the open ports on my server; it still says port 80 is open.

Can you please give me iptables rules to block incoming traffic on port 80? And is it OK if I block outgoing traffic on port 80 as well?
xenia2608
 
Posts: 31
Joined: Wed Nov 19, 2014 4:39 pm
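
An added diagnostic for the situation in the last post (not part of the thread and not GoAutoDial's own code): iptables evaluates a chain top-down and the first matching rule decides, so a DROP for port 80 that sits after an existing ACCEPT never takes effect. The function below reads `iptables-save` output and reports which rule decides a new inbound TCP connection to a given port. The function names and the sample ruleset are constructed, and the matcher is simplified as stated in its comments.

```shell
# Added example. Usage: iptables-save | first_match PORT
# Reports the filter-table rule that decides a NEW inbound TCP packet to PORT.
# Simplified (assumptions): external source, non-loopback interface; rules with
# -s, "!" or port ranges count as not matching; LOG-style targets are passed over.
first_match() {
  awk -v port="$1" '
  function matches(spec,    f, n, i) {
    n = split(spec, f, " ")
    for (i = 1; i <= n; i++) {
      if (f[i] == "!" || f[i] == "-s") return 0
      if (f[i] == "-i" && f[i+1] == "lo") return 0
      if (f[i] == "-p" && f[i+1] != "tcp") return 0
      if (f[i] ~ /^--dports?$/ && ("," f[i+1] ",") !~ ("," port ",")) return 0
      if (f[i] ~ /^--(ct)?state$/ && f[i+1] !~ /(^|,)NEW(,|$)/) return 0
    }
    return 1
  }
  function walk(chain,    i, t, r) {   # first match wins; jumps are followed
    for (i = 1; i <= cnt[chain]; i++) {
      if (!matches(rule[chain, i])) continue
      t = tgt[chain, i]
      if (t ~ /^(ACCEPT|DROP|REJECT)$/) return t " " chain ":" i
      if (t in cnt) { r = walk(t); if (r != "") return r }
    }
    return ""
  }
  /^\*/ { skip = ($1 != "*filter"); next }   # only the filter table is modelled
  skip  { next }
  /^:/  { policy[substr($1, 2)] = $2; next }
  $1 == "-A" {
    c = $2; cnt[c]++; rule[c, cnt[c]] = $0
    for (j = 3; j < NF; j++) if ($j == "-j") tgt[c, cnt[c]] = $(j + 1)
  }
  END { r = walk("INPUT"); print (r != "" ? r : policy["INPUT"] " INPUT:policy") }
  '
}
sample_rules() { cat <<'EOF'   # constructed ruleset: DROP appended after the jump
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_rules | first_match 80   # prints: ACCEPT RH-Firewall-1-INPUT:3
```

In the sample, the DROP in INPUT is never reached: the jump into RH-Firewall-1-INPUT ends in an ACCEPT for port 80 and a final REJECT for everything else, so the block rule would have to come before that jump to take effect.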

