We have seen events where an unauthorized person tries to gain access to the Allworx system's SMTP service (outbound email) by way of brute force or a password list. Typically this causes the Allworx system to lock up and requires a manual reboot by the system administrator. You will find evidence of this in the system event log, located at Reports > System Events.
EXAMPLE:
Jan 31 03:03:12 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:14 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:17 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:19 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:21 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
This is typically an unauthorized person trying to break in and configure an SMTP mail relay to send spam or malicious e-mails using the Allworx system.
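The following is an added example, not Allworx code: a small Python script that scans exported System Events text for bursts of the failed SMTP user lookups shown above. The threshold of 5 failures, the 10-second maximum gap, the assumed year, and the last sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Line format taken from the article's example event-log entries.
FAILURE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+: SMTPD: "
    r"Unable to locate user \[(?P<user>[^\]]*)\] from the database"
)

# First five lines are the article's example; the last line is constructed
# (a single stray failure hours later that should not be flagged).
SAMPLE_LOG = """\
Jan 31 03:03:12 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:14 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:17 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:19 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 03:03:21 tSmtpd2005: SMTPD: Unable to locate user [administrator] from the database
Jan 31 09:15:40 tSmtpd2005: SMTPD: Unable to locate user [jsmith] from the database
""".splitlines()


def parse_failures(lines, year=2000):
    """Yield (timestamp, user) per failed lookup; the log has no year, so one is assumed."""
    for line in lines:
        m = FAILURE_RE.match(line.strip())
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["user"]


def find_bursts(lines, threshold=5, max_gap=timedelta(seconds=10), year=2000):
    """Group failures separated by <= max_gap; report groups of >= threshold events."""
    bursts, run = [], []

    def flush():
        if len(run) >= threshold:
            bursts.append({"start": run[0][0], "end": run[-1][0],
                           "count": len(run), "users": sorted({u for _, u in run})})

    for ts, user in parse_failures(lines, year):
        # A large (or negative, e.g. year rollover) gap ends the current run.
        if run and not (timedelta(0) <= ts - run[-1][0] <= max_gap):
            flush()
            run.clear()
        run.append((ts, user))
    flush()
    return bursts


if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(f"{b['count']} failed SMTP logins {b['start']:%b %d %H:%M:%S} to "
              f"{b['end']:%H:%M:%S}, users tried: {', '.join(b['users'])}")
```

A reported burst is a cue to confirm that port 25 is not reachable from the WAN.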
To prevent this, use a third-party firewall and block port 25 to the Allworx from the WAN interface of the firewall.
If your system is in "NAT Firewall /w DMZ" mode, make sure the SMTP port has been disabled.
Note: Make sure your system is updated to the most recent revision of the software. The latest version of 7.5 is currently 7.5.11.7.
If this has happened to you, you will need to check the handsets page for corruption and missing handset profiles. In some instances a brute force attempt has caused damage to the database of the software. Typically, this results in a few handset profiles disappearing from the admin page; these profiles cannot be modified, deleted or recreated.
To resolve the damage, a restore from backup will be necessary.
Alternatively, you can export the system configuration, reformat, reload all settings except for the handsets, and finally rebuild the handset profiles.
This is a procedure that should only be used as a last resort.
SMTP, error, lockup, frozen, reboot, missing, handsets, attack, hacker