
End Point Manager without port 80


Gary
(@gary)
Estimable Member
Joined: 2 years ago
Posts: 133
25/11/2019 2:59 pm  

I changed the system from port 80 to an obscure port and firewalled port 80 (stand-alone firewall in front of the PBX). The GUI works fine, but I cannot provision phones unless I open port 80. I tried adding http://YOUR-SERVER-IP/xepm-provision :XXXX but it did not work. The system is hosted, so the phones are remote with dynamic IPs. Is the EPM locked to port 80/443?

 


mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1889
25/11/2019 3:08 pm  

If you change the port, you must use: http://YOUR-SERVER-IP:YOUR-NEW-PORT/xepm-provision


Gary
(@gary)
Estimable Member
Joined: 2 years ago
Posts: 133
25/11/2019 3:38 pm  

I just had a very big surprise: I put that string into a browser followed by a MAC address and the config file was displayed. This leaves the system wide open. Is there a security setting I have not enabled?

 


mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1889
25/11/2019 3:48 pm  

Actually, it only shows the config if you put in the right MAC address, so an attacker must know your phone's MAC address to compromise your system.

On the RC version, we're including a fail2ban filter to avoid brute force attacks to the provisioning URL.

https://vitalpbx.org/en/vitalpbx-2-3-9-rc/


Gary
(@gary)
Estimable Member
Joined: 2 years ago
Posts: 133
25/11/2019 3:56 pm  

That will help, but MAC addresses from the same vendor do not vary much, maybe the last 6 characters.

 

 


mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1889
25/11/2019 3:57 pm  

We are looking for a stronger solution. Sorry for the inconvenience.


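The thread above raises two points: failed-request blocking on the provisioning URL, and the small variation between MAC addresses from one vendor. The following is an added example, not VitalPBX's fail2ban filter and not code from any poster, showing a log check that flags a source both for repeated misses and for requesting several different MAC addresses. The `/xepm-provision/<mac>` path layout, the Apache common log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: Apache common log format and a /xepm-provision/<mac>[.ext] URL layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) /xepm-provision/(?P<mac>(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2})[^" ]* [^"]*" '
    r'(?P<status>\d{3}) '
)

SAMPLE = [  # constructed lines: documentation IP ranges and documentation MAC range
    '198.51.100.7 - - [25/Nov/2019:15:00:01 +0000] "GET /xepm-provision/00005e005301 HTTP/1.1" 200 4312',
    '198.51.100.7 - - [25/Nov/2019:15:05:01 +0000] "GET /xepm-provision/00005e005301 HTTP/1.1" 200 4312',
] + [
    f'203.0.113.50 - - [25/Nov/2019:15:10:{i:02d} +0000] "GET /xepm-provision/00005e0053{i:02x} HTTP/1.1" 404 196'
    for i in range(6)
]

def find_enumerators(lines, window=timedelta(minutes=10), max_macs=3, max_misses=5):
    """Return {ip: reason} for sources probing many MACs or missing repeatedly within `window`."""
    events = defaultdict(list)  # ip -> [(time, normalized mac, status)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        mac = re.sub(r"[:-]", "", m["mac"]).lower()
        events[m["ip"]].append((ts, mac, int(m["status"])))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            recent = evs[start:end + 1]
            macs = {mac for _, mac, _ in recent}
            misses = sum(1 for _, _, status in recent if status != 200)
            if len(macs) > max_macs:  # a real phone only ever asks for its own MAC
                flagged[ip] = f"{len(macs)} distinct MACs requested"
            elif misses > max_misses:
                flagged[ip] = f"{misses} failed requests"
            if ip in flagged:
                break
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Counting distinct MAC addresses per source catches a walk through one vendor's address range even when some requests succeed, which a failure-only counter would miss.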