Archives April 2021

How to – Upgrade OpenSuSE from Leap 15.1 to 15.2 or 15.3


This brief tutorial covers how to upgrade OpenSuSE from Leap 15.1 to 15.2 or 15.3. To switch to 15.3 instead, just change 15.2 to 15.3 in each of the steps below.

Step 1 – Preparing for upgrade by enabling the proper repository

zypper modifyrepo --enable openSUSE-Leap-15.1-Update
zypper ref
zypper up

Step 2 – Change existing repos for the others

This next part will change the repos to 15.2 and then we will start the fun part.

files="$(zypper lr -u | awk -F'|' '$4 ~ /Yes/ { gsub (" ", "", $2); r="/etc/zypp/repos.d/"$2".repo"; print r }')"
for f in $files
do
  echo "Backup of $f saved to /root/ before patching it up ..."
  cp -f "$f" /root/
  sed -i 's+/leap/15.1+/leap/$releasever+' "$f"
  sed -i 's+15.1.1+15.2+' "$f"
  sed -i 's+15.1+15.2+' "$f"
done

Step 3 – Update and reboot

zypper --releasever=15.2 ref
zypper --releasever=15.2 dup
reboot

If you have any problems, just comment here and I will help you out the best I can or you can drop by our Skype Group chat: https://join.skype.com/ujkQ7i5lV78O . Hope this helps a lot of you out there.


Make sure you copy mod_php7.conf to php7.conf, or the dynportal and audiostore conf files will cause Apache to have errors. You can do so with the following command:

cp /etc/apache2/conf.d/mod_php7.conf /etc/apache2/conf.d/php7.conf

I hope this helps.

-Nox

How to – Secure Vicidial, correctly. Part 1


This article will show you how to secure a Vicidial server correctly. This is definitely one of the topics I am asked about the most, so this will be a multipart series covering different “layers” of security, from the basic way you need to secure your system in today’s remote world to advanced topics such as encrypted passwords, recordings, two-factor authentication and more.


The steps I will cover in this article are the ones to take once you have finished installing a fresh Vicidial server. It covers a single-server setup, not a cluster, which requires some additional steps to be shown later on in this series. This article also presumes you are setting this up for remote access, not just local. Let’s get started.



Step 1 – Setup access through YAST firewall.

At the Linux CLI, type “yast firewall” and the following screen will pop up:


Go down to “Interfaces” and select your NIC card that has WAN access and change the zone from default to public:

Change default zone to public

Then TAB over to the public zone and remove all entries but apache2-ssl and ssh, then add viciportal-ssl.

Public Zone services to allow

Finally, add these services to your “Trusted” zone and TAB over to [Accept] and press enter.

Trusted Zone services to allow

This completes the first step for securing your Vicidial server’s firewall access.
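
One way to check the result of Step 1 from the command line, as an added example that is not part of the original article. It assumes YaST is configuring firewalld, so that `firewall-cmd --zone=public --list-all` describes the public zone; the function names, the `eth0` interface and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the public zone with what Step 1 leaves open.

# Services the article keeps in the public zone.
ALLOWED_PUBLIC="apache2-ssl ssh viciportal-ssl"

# has_word "<list>" <word>: succeeds if <word> is one of the
# whitespace-separated items in <list>.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# audit_public_zone <wan-interface>
# Reads `firewall-cmd --zone=public --list-all` output on stdin, prints one
# finding per line and returns non-zero if there is any finding:
#   IFACE_NOT_PUBLIC <if>  the WAN interface is not assigned to the zone
#   UNEXPECTED <svc>       service is open but not on the allowlist
#   MISSING <svc>          allowlisted service is not open
audit_public_zone() {
    wan_if=$1
    dump=$(cat)
    ifaces=$(printf '%s\n' "$dump" |
        sed -n 's/^[[:space:]]*interfaces:[[:space:]]*//p')
    services=$(printf '%s\n' "$dump" |
        sed -n 's/^[[:space:]]*services:[[:space:]]*//p')
    rc=0
    has_word "$ifaces" "$wan_if" || { echo "IFACE_NOT_PUBLIC $wan_if"; rc=1; }
    for svc in $services; do
        has_word "$ALLOWED_PUBLIC" "$svc" || { echo "UNEXPECTED $svc"; rc=1; }
    done
    for svc in $ALLOWED_PUBLIC; do
        has_word "$services" "$svc" || { echo "MISSING $svc"; rc=1; }
    done
    return $rc
}

# Constructed sample: a public zone that was never trimmed.
sample_untrimmed() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: apache2 apache2-ssl dhcpv6-client mysql ssh
  ports:
EOF
}

# Constructed sample: the public zone after following Step 1.
sample_hardened() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: apache2-ssl ssh viciportal-ssl
  ports:
EOF
}

# Demo on the constructed samples. On a live server (assumes firewalld):
#   firewall-cmd --zone=public --list-all | audit_public_zone eth0
sample_untrimmed | audit_public_zone eth0 || echo "public zone still needs trimming"
sample_hardened | audit_public_zone eth0 && echo "public zone matches Step 1"
```
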


Step 2 – Granting access for Dynamic portal & IP whitelist access only through the VB-firewall crontab entry

The next thing you need to do is change the crontab entry from blacklist being blocked to whitelist and dynamic access only. To do so, type “crontab -e” at your Linux CLI and you should see the following:

crontab -e

“Page down” until you see the VB-firewall entries near the bottom and change them as you see below:

Make the changes you see above, press Ctrl+X, and follow the prompts to save.

Ok, so these steps above will prepare your server for the next steps of this process which I have written in other articles already, but I will link them here for easy navigation.


Step 3 – Enabling IP Whitelist

You can follow my blog post about IP whitelist, here.


Step 4 – Setting up the dynamic portal

You can follow the article for these instructions, here.

Dynportal

Well, that’s it for part 1. You have now set up your system for secure remote access to your server through IP whitelist & dynamic portal only. As always, feel free to comment below with any questions or issues you have along the way. My team and I are always available to help our Vicidial community secure themselves against the threats today’s world comes with, such as BazarCall malware, Ryuk and Conti ransomware, and other cyber threats that directly target the telecommunications industry. Please protect yourself accordingly; if you need help with this, please fill out the form below for a FREE security audit or if you need some technical assistance on your servers.



Well, that’s it from us here at CyburDial for today, but please stay tuned for Part 2 of this series which will cover adding in other servers for a cluster type environment and how to allow access only to certain services on each server that are needed for communication between the cluster such as MySQL.

I hope this helps.

-Nox

How to – Scratch install instructions for Vicidial on OpenSuSE Leap 15.3 with Asterisk 16.17.0


So, I have decided to write up scratch install instructions for Vicidial on OpenSuSE Leap 15.3 with Asterisk 16.17.0 instead of Asterisk 13 and wanted to share the instructions step by step. I have not tested this yet.

zypper ar http://download.opensuse.org/distribution/leap/15.3/repo/oss/ openSUSE-Leap-15.3-Oss
zypper ar http://download.opensuse.org/repositories/devel:/languages:/perl/openSUSE_Leap_15.3/ openSUSE-Leap-15.3-PERL
zypper ar http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_Leap_15.3/ openSUSE-Leap-15.3-PHP-Applications
zypper ar http://download.opensuse.org/update/leap/15.3/oss/ openSUSE-Leap-15.3-Update
zypper ar https://download.opensuse.org/repositories/home:vicidial:asterisk-13/openSUSE_Leap_15.3/home:vicidial:asterisk-13.repo
zypper ar https://download.opensuse.org/repositories/home:/vicidial/openSUSE_Leap_15.3/home:vicidial.repo
zypper ar https://download.opensuse.org/repositories/home:/vicidial:/vicibox/openSUSE_Leap_15.3/home:vicidial:vicibox.repo
zypper ar https://download.opensuse.org/repositories/home:/zippy:/jx:/packages-ready/openSUSE_Leap_15.3/ home_zippy_jx_packages-ready
zypper addrepo https://download.opensuse.org/repositories/devel:languages:python:Factory/openSUSE_Leap_15.3/devel:languages:python:Factory.repo



zypper ref
zypper up
zypper in dahdi*
zypper in libpri*
zypper in libedit*
zypper in net-snmp*
zypper in libjansson4*

zypper install sqlite3-devel mariadb-server mariadb make patch gcc gcc-c++ subversion php php-devel php-gd gd-devel php-mbstring php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel httpd libpcap libpcap-devel libnet ncurses ncurses-devel screen mysql-devel ntp mutt wget nano unzip sipsak sox libuuid-devel httpd php-common php-pdo mod_ssl perl-DBI perl-DBD-MySQL perl-Digest-HMAC perl-YAML perl-ExtUtils-ParseXS perl-NetAddr-IP perl-Crypt-SSLeay perl-Curses perl-DBD-Pg perl-Module-ScanDeps perl-Text-CSV perl-HTML-Template perl-IO-Compress perl-Text-Glob perl-Jcode perl-Test-Script perl-Archive-Tar perl-Test-Base perl-OLE-Storage_Lite perl-Archive-Zip perl-Net-Server perl-Convert-ASN1 perl perl-Compress-Raw-Zlib perl-Digest-SHA1 perl-Data-Dumper perl-Error perl-ExtUtils-CBuilder perl-Test-Tester perl-Parse-RecDescent perl-Spiffy perl-IO-Zlib perl-Module-Build perl-HTML-Parser perl-Net-SSLeay perl-Proc-ProcessTable perl-TermReadKey perl-Term-ReadLine-Gnu perl-Digest-SHA perl-Tk perl-Net-SNMP perl-Test-NoWarnings perl-XML-Writer perl-Proc-PID-File perl-Compress-Raw-Bzip2 perl-libwww-perl perl-XML-Parser perl-File-Remove perl-Parse-CPAN-Meta perl-Set-Scalar perl-Probe-Perl perl-File-Which perl-Package-Constants perl-Module-Install perl-File-HomeDir perl-Spreadsheet-ParseExcel perl-Mail-Sendmail perl-Spreadsheet-XLSX asterisk-perl perl-version perl-Crypt-DES perl-URI perl-Net-Daemon perl-IO-stringy perl-YAML-Tiny perl-HTML-Tagset perl-Socket6 perl-BSD-Resource perl-IPC-Run3 perl-Text-CSV_XS perl-Unicode-Map perl-Net-Telnet perl-PAR-Dist perl-Date-Manip perl-JSON perl-rrdtool lame screen iftop htop perl-GD gcc gcc-c++ bzip2 make libjansson-devel dahdi-linux-devel libxml2-tools libxml2-2 libxml2-devel libuuid-devel sqlite3-devel



perl -MCPAN -e 'my $c = "CPAN::HandleConfig"; $c->load(doit => 1, autoconfig => 1); $c->edit(prerequisites_policy => "follow"); $c->edit(build_requires_install_policy => "yes"); $c->commit'

cpan -i String::CRC Tk::TableMatrix Net::Address::IP::Local Term::ReadLine::Gnu Spreadsheet::Read Net::Address::IPv4::Local RPM::Specfile Spreadsheet::XLSX Spreadsheet::ReadSXC MD5 Digest::MD5 Digest::SHA1 Bundle::CPAN Pod::Usage Getopt::Long DBI DBD::mysql Net::Telnet Time::HiRes Net::Server Mail::Sendmail Unicode::Map Jcode Spreadsheet::WriteExcel OLE::Storage_Lite Proc::ProcessTable IO::Scalar Scalar::Util Spreadsheet::ParseExcel Archive::Zip Compress::Raw::Zlib Spreadsheet::XLSX Test::Tester Spreadsheet::ReadSXC Text::CSV Test::NoWarnings Text::CSV_PP File::Temp Text::CSV_XS Spreadsheet::Read LWP::UserAgent HTML::Entities HTML::Strip HTML::FormatText HTML::TreeBuilder Switch Time::Local MIME::POP3Client Mail::IMAPClient Mail::Message IO::Socket::SSL readline 

cd /usr/bin/
curl -LOk http://xrl.us/cpanm
chmod +x cpanm
cpanm -f File::Which
cpanm -f File::HomeDir
cpanm CPAN::Meta::Requirements
cpanm -f CPAN
cpanm -f DBD::mysql
cpanm User::Identity --force
cpanm YAML MD5 Digest::MD5 Digest::SHA1 Curses Getopt::Long Net::Domain Term::ReadKey Term::ANSIColor HTML::FormatText MIME::Decoder Mail::POP3Client Mail::Message Crypt::Eksblowfish::Bcrypt

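### Make Swap ###
mkdir -p /var/lib/swap
# write 4096 blocks of 1 MiB each: a 4 GiB swap file
dd if=/dev/zero of=/var/lib/swap/swapfile bs=1M count=4096
# a swap file should be readable and writable by root only
chmod 600 /var/lib/swap/swapfile
mkswap /var/lib/swap/swapfile
swapon /var/lib/swap/swapfile
cat /proc/swaps
nano /etc/fstab
# paste the following line into /etc/fstab, then save and exit:
/var/lib/swap/swapfile swap swap defaults 0 0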

### Create DB & Cron user
mysql
CREATE DATABASE `asterisk` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'cron'@'localhost' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@'%' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@localhost IDENTIFIED BY '1234';
GRANT RELOAD ON *.* TO cron@'%';
GRANT RELOAD ON *.* TO cron@localhost;
flush privileges;
exit

### Install Asterisk 16 ###
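mkdir /usr/src/asterisk
# download and unpack inside the source directory, then build from the unpacked tree
cd /usr/src/asterisk
wget http://download.vicidial.com/beta-apps/asterisk-16.17.0-vici.tar.gz
tar -xzvf asterisk-16.17.0-vici.tar.gz
cd asterisk-16.17.0-vici
./configure --libdir=/usr/lib64 --with-pjproject-bundled --with-jansson-bundled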
rm menuselect.makeopts
make menuselect*
**** Go down one to applications and hit enter, go down until you find the "meetme" app and press space bar, then hit "X" ****
make && make install && make samples && make config && make basic-pbx
/usr/share/astguiclient/start_asterisk_boot.pl

mkdir /usr/src/astguiclient
cd /usr/src/astguiclient
svn checkout svn://svn.eflo.net:3690/agc_2-X/trunk

mysql
SET GLOBAL connect_timeout=60;
use asterisk;
\. /usr/src/astguiclient/trunk/extras/MySQL_AST_CREATE_tables.sql
\. /usr/src/astguiclient/trunk/extras/first_server_install.sql
ALTER TABLE phones ALTER template_id SET DEFAULT '';
\. /usr/src/astguiclient/trunk/extras/sip-iax_phones.sql
quit

/usr/src/astguiclient/trunk/install.pl
/usr/share/astguiclient/ADMIN_area_code_populate.pl
/usr/src/astguiclient/trunk/bin/ADMIN_update_server_ip.pl

nano /etc/rc.local

### paste this below: 

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# OPTIONAL enable ip_relay(for same-machine trunking and blind monitoring)
/usr/share/astguiclient/ip_relay/relay_control start 2>/dev/null 1>&2

# Disable console blanking and powersaving
/usr/bin/setterm -blank
/usr/bin/setterm -powersave off
/usr/bin/setterm -powerdown

### start up the MySQL server
systemctl start mariadb.service
systemctl enable mariadb.service

### start up the apache web server
systemctl start apache2
systemctl enable apache2

### roll the Asterisk logs upon reboot
/usr/share/astguiclient/ADMIN_restart_roll_logs.pl

### clear the server-related records from the database
/usr/share/astguiclient/AST_reset_mysql_vars.pl

### load dahdi drivers
modprobe dahdi
/usr/sbin/dahdi_cfg -vvvvvvvvvvvvv

### sleep for 20 seconds before launching Asterisk
sleep 20

### start up asterisk
/usr/share/astguiclient/start_asterisk_boot.pl


############## END PASTE HERE ##################


crontab -e

### paste below:

### recording mixing/compressing/ftping scripts
#0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl --MIX
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --GSM
#2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --GSM

### keepalive script for astguiclient processes
* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl --cu3way

### kill Hangup script for Asterisk updaters
* * * * * /usr/share/astguiclient/AST_manager_kill_hung_congested.pl

### updater for voicemail
* * * * * /usr/share/astguiclient/AST_vm_update.pl

### updater for conference validator
* * * * * /usr/share/astguiclient/AST_conf_update.pl

### flush queue DB table every hour for entries older than 1 hour
11 * * * * /usr/share/astguiclient/AST_flush_DBqueue.pl -q

### fix the vicidial_agent_log once every hour and the full day run at night
33 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl
50 0 * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --last-24hours
## uncomment below if using QueueMetrics
#*/5 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --only-qm-live-call-check

## uncomment below if using Vtiger
#1 1 * * * /usr/share/astguiclient/Vtiger_optimize_all_tables.pl --quiet

### updater for VICIDIAL hopper
* * * * * /usr/share/astguiclient/AST_VDhopper.pl -q

### adjust the GMT offset for the leads in the vicidial_list table
1 1,7 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --debug

### reset several temporary-info tables in the database
2 1 * * * /usr/share/astguiclient/AST_reset_mysql_vars.pl

### optimize the database tables within the asterisk database
3 1 * * * /usr/share/astguiclient/AST_DB_optimize.pl

## adjust time on the server with ntp
30 * * * * /usr/sbin/ntpdate -u pool.ntp.org 2>/dev/null 1>&2

### VICIDIAL agent time log weekly and daily summary report generation
2 0 * * 0 /usr/share/astguiclient/AST_agent_week.pl
22 0 * * * /usr/share/astguiclient/AST_agent_day.pl

### VICIDIAL campaign export scripts (OPTIONAL)
#32 0 * * * /usr/share/astguiclient/AST_VDsales_export.pl
#42 0 * * * /usr/share/astguiclient/AST_sourceID_summary_export.pl

### remove old recordings more than 7 days old
#24 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE -maxdepth 2 -type f -mtime +7 -print | xargs rm -f

### roll logs monthly on high-volume dialing systems
#30 1 1 * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl

### remove old vicidial logs and asterisk logs more than 2 days old
28 0 * * * /usr/bin/find /var/log/astguiclient -maxdepth 1 -type f -mtime +2 -print | xargs rm -f
29 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 3 -type f -mtime +2 -print | xargs rm -f
30 0 * * * /usr/bin/find / -maxdepth 1 -name "screenlog.0*" -mtime +4 -print | xargs rm -f

### cleanup of the scheduled callback records
25 0 * * * /usr/share/astguiclient/AST_DB_dead_cb_purge.pl --purge-non-cb -q

### GMT adjust script - uncomment to enable
#45 0 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --list-settings

### Dialer Inventory Report
1 7 * * * /usr/share/astguiclient/AST_dialer_inventory_snapshot.pl -q --override-24hours

### inbound email parser
* * * * * /usr/share/astguiclient/AST_inbound_email_parser.pl



################ END PASTE HERE ####################

a2enmod ssl
a2enflag SSL

reboot

go to http://127.0.0.1/vicidial/admin.php


Enjoy!!

-CarpeNox

BazarLoader used to deploy Ryuk ransomware on high-value targets


The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.

For years, the TrickBot gang has been using their trojan to compromise enterprise networks by downloading different software modules used for specific behavior such as stealing passwords, spreading to other machines, or even stealing a domain’s Active Directory database.

As these modules have become heavily analyzed over time, security solutions have become better at detecting these modules before being utilized.

From TrickBot to BazarLoader

In April 2020, BleepingComputer reported that the TrickBot gang had started to use a new BazarLoader/BazarBackdoor infection in phishing attacks.

In a new report, Advanced Intel security researchers explain that instead of burning victims with the highly-detected TrickBot trojan, threat actors now favor BazarBackdoor as their tool of choice for high-value enterprise targets.

“BazarBackdoor remains the covert malware relying upon minimal functionality while on the host producing high-value long-term infections due to its simplicity and external operation dependency to exploit more information later.”

“In other words, the BazarBackdoor “blending-in“ simplicity and obfuscation layer allows the payload to be a better choice for high-value targets,” Kremez told BleepingComputer in a conversation about their report.

A BazarLoader compromise starts with a targeted phishing attack, as shown by a phishing email received by BleepingComputer in April.

BazarLoader phishing attack

After infecting a computer, BazarLoader will use process hollowing to inject the BazarBackdoor component into legitimate Windows processes such as cmd.exe, explorer.exe, and svchost.exe. A scheduled task is created to load BazarLoader every time a user logs into the system.

BazarLoader scheduled task

Eventually, BazarBackdoor will deploy a Cobalt Strike beacon, which provides remote access to threat actors who install post-exploitation tools such as BloodHound and Lasagne for mapping a Windows domain and extracting credentials.

Ultimately, the attack leads to threat actors deploying Ryuk ransomware on the entire network and demanding massive ransoms.

BazarBackdoor attack flow
Source: Advanced Intel

Even with this increase in utilization, as BazarBackdoor requires a more significant amount of human-operation, Kremez believes that BazarLoader will be reserved for select targets.

“The downside of hunting with BazarBackdoor is that it requires an expensive exploitation operation to pivot from the infections,” Kremez explained.

For mass-distribution, we should continue to see TrickBot utilized for network compromise.


Check out our FREE security audit to see if you are a victim.

What is BazarCall malware?


Answer: Malware targeting VoIP servers. Read on.

For the past two months, security researchers have been waging an online battle against a new ‘BazarCall’ malware that uses call centers to distribute some of the most damaging Windows malware.

The new malware was discovered being distributed by call centers in late January and is named BazarCall, or BazaCall, as the threat actors initially used it to install the BazarLoader malware.

While other malware is now being distributed, researchers continue to identify the distribution campaign as BazarCall.

Like many malware campaigns, BazarCall starts with a phishing email but from there deviates to a novel distribution method – using phone call centers to distribute malicious Excel documents that install malware.

Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centers would then direct users to a specially crafted website to download a “cancellation form” that installs the BazarCall malware.

BazarCall: From phishing emails to call centers

BazarCall attacks all start with a phishing email targeting corporate users that state the recipient’s free trial is about to run out. However, these emails do not provide any details regarding the alleged subscription.

The emails then prompt the user to contact a listed phone number to cancel the subscription before they are charged $69.99 to $89.99 for a renewal, as shown in the example BazarCall phishing email below.

Example BazarCall email

While the bulk of the emails seen by BleepingComputer have been from a fictitious company named “Medical reminder service, Inc.”, the emails have also used other fake company names such as ‘iMed Service, Inc.’, ‘Blue Cart Service, Inc.’, and ‘iMers, Inc.’  

These emails all use similar subjects such as “Thank you for using your free trial” or “Your free trial period is almost over!” Security researcher ExecuteMalware has compiled a more extensive list of email subjects used by this attack.
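
The lure traits described above (subject line, fake company name, a renewal charge in the $69.99 to $89.99 range, and a prompt to call a phone number) can be turned into a simple mail triage check. This is an added example, not from the original article or the researchers it cites; the function names, the three-trait threshold and both sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage one plain-text email for the BazarCall lure traits
# described in the article. Heuristic only; the 3-trait threshold is an
# assumption chosen for this illustration.

# has "<text>" "<ERE>": case-insensitive, line-by-line search of <text>.
has() {
    printf '%s\n' "$1" | grep -Eiq -- "$2"
}

# in_price_band "<text>": succeeds if any dollar amount in <text> falls in
# the $69.99 to $89.99 renewal range the article reports.
in_price_band() {
    printf '%s\n' "$1" | awk '
        { line = $0
          while (match(line, /\$[0-9]+\.[0-9][0-9]/)) {
              v = substr(line, RSTART + 1, RLENGTH - 1) + 0
              if (v >= 69.99 && v <= 89.99) found = 1
              line = substr(line, RSTART + RLENGTH)
          } }
        END { exit !found }'
}

# bazarcall_traits: reads an email on stdin, prints the traits that matched.
bazarcall_traits() {
    msg=$(cat)
    hits=""
    # Subject lines quoted in the article.
    if has "$msg" '^Subject:.*(Thank you for using your free trial|Your free trial period is almost over)'; then
        hits="subject"
    fi
    # Fake company names listed in the article.
    if has "$msg" '(Medical reminder service|iMed Service|Blue Cart Service|iMers), Inc\.'; then
        hits="${hits:+$hits }company"
    fi
    if in_price_band "$msg"; then
        hits="${hits:+$hits }charge"
    fi
    # The word "call" plus something shaped like a North American number.
    if has "$msg" '(^|[^[:alpha:]])call([^[:alpha:]]|$)' &&
       has "$msg" '\(?[0-9]{3}\)?[-. ]?[0-9]{3}[-. ][0-9]{4}'; then
        hits="${hits:+$hits }callback"
    fi
    printf '%s\n' "$hits"
}

# bazarcall_flag: reads an email on stdin, succeeds when 3 or more traits match.
bazarcall_flag() {
    set -- $(bazarcall_traits)
    [ "$#" -ge 3 ]
}

# Constructed sample modelled on the lure described above (not a real message).
sample_lure() {
    cat <<'EOF'
From: billing@example.invalid
Subject: Your free trial period is almost over!

Your free trial with Medical reminder service, Inc. is about to end and you
will be charged $79.99 for the renewal. To cancel, call (555) 010-0199 and
have your customer ID ready.
EOF
}

# Constructed benign sample: a single trait (an amount in the band) is not enough.
sample_benign() {
    cat <<'EOF'
From: store@example.invalid
Subject: Your receipt

Your plan renewed at $74.00. Manage it at https://example.invalid/account
EOF
}

sample_lure | bazarcall_flag && echo "lure: flag for review"
sample_benign | bazarcall_flag || echo "benign: below threshold"
```
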

When a recipient calls the listed phone number, they will be placed on a short hold and then be greeted by a live person. When asked for more information or how to cancel the subscription, the call center agent asks the victim for a unique customer ID enclosed in the email.

Randy Pargman, Vice President of Threat Hunting & Counterintelligence at Binary Defense, told BleepingComputer that this unique customer ID is a core component of the attack and is used by the call center to determine if the caller is a targeted victim.

“They will be able to identify the company that got that email when you give them a valid customer number on the phone. But if you give them a wrong number they will just tell you that they canceled your order and it’s all good without sending you to the website,” Pargman told BleepingComputer in a conversation about BazarCall.

If a correct customer ID is given, the call center agent will direct the user to a fake website that pretends to be the associated medical services company. The phone agent will stay on the phone with the victim and guide them to a cancellation page where they are prompted to enter their customer ID, as shown below.

BazarCall distribution site
Source: Brad Duncan

When the user enters their customer ID number, the website will automatically prompt the browser to download an Excel document (xls or xlsb). The call center agent will then help the victim open the file and click on the ‘Enable Content’ button to enable malicious macros.

In some calls conducted by Pargman, the threat actors instructed him to disable antivirus to prevent the malicious documents from being detected.

Malicious BazarCall Excel document

When the Excel macros are enabled, the BazarCall malware will be downloaded and executed on the victim’s computer.

When the BazarCall campaign first started, it was used to distribute the BazarLoader malware but has also begun distributing TrickBot, IcedID, Gozi ISFB, and other malware.

These Windows infections are particularly dangerous as they provide remote access to compromised corporate networks where the threat actors spread laterally through the network to steal data or deploy ransomware.

Threat actors use BazarLoader and Trickbot to deploy the Ryuk or Conti ransomware, while IcedID has been used in the past to deploy the now-defunct Maze and Egregor ransomware infections.

Security researcher Brad Duncan has shared a video illustrating a call into the threat actor’s call center and its distribution of malicious documents to unsuspecting victims. https://www.youtube.com/embed/uAkeXCYcl4Y

BazarCall: Deployed via a Distribution-as-a-Service

While BazarLoader and the TrickBot infections are believed to be created by the same ‘TrickBot’ hacking group, the other distributed infections are not related to these threat actors.

Due to this, Pargman has told BleepingComputer that he believes that another threat actor group is running the call centers and renting out distribution as a Distribution-as-a-Service.

“My belief is that this is a distro as a service and that UNC1878 is probably a customer of theirs,” Pargman explained.

This belief is echoed by Cryptolaemus security researcher Joseph Roosen who told BleepingComputer that the distribution service is run like a regular company, keeping strict Monday through Friday business hours.

BleepingComputer’s efforts to contact the call center over the past four days have been unsuccessful due to the constantly changing infrastructure used by the threat actors.

Due to the efforts of researchers such as Pargman, Roosen, Duncan, William Thomas of Cyjax, TheAnalyst, and ExecuteMalware, and many others, the distribution service has been forced to constantly change their phone numbers and hosting sites as the researchers take them down. 

Unfortunately, even with the cybersecurity community’s combined efforts, this distribution method has been very successful.

Due to their distribution method, malware samples commonly have very low detection rates on VirusTotal as they are not publicly distributed and detected by antivirus vendors.

Furthermore, from emails seen by BleepingComputer, people are falling for this scam as they believe they are legitimate subscriptions that need to be canceled.


For this reason, we here at Cyburity would like to offer our services free of charge to anyone affected by this malware, BazarCall, so we can track down their command centers and disable them as well as remediate any threat actors from your server. If you have been affected or would like to have a free security audit to see if you have been, please schedule a FREE security audit. By working together, we can break down these hacking groups to make it where they move on from this scam to something else… because they will.

-Nox

How to – Install Asterisk 16 on Vicidial


In this article, I will demonstrate how to install Asterisk 16 on Vicidial, aka ViciBox 9. In theory it should also work for you CentOS lovers (bleh) too; just change the zypper commands to yum.

Step 1 – Remove Asterisk 13 & install dependencies

zypper remove asterisk
zypper in libedit* gcc gcc-c++ bzip2 make libjansson-devel dahdi-linux-devel libxml2-tools libxml2-2 libxml2-devel libuuid-devel sqlite3-devel

modprobe dahdi
modprobe dahdi_dummy

Step 2 – Download & install Asterisk 16.17.0-vici

We can find this on the Vicidial website: http://download.vicidial.com/beta-apps/asterisk-16.17.0-vici.tar.gz

Copy the code below and paste it into your Linux CLI:

cd /usr/src/
wget http://download.vicidial.com/beta-apps/asterisk-16.17.0-vici.tar.gz
tar -xzvf asterisk-16.17.0-vici.tar.gz
cd asterisk-16.17.0-vici
./configure --libdir=/usr/lib64 --with-pjproject-bundled --with-jansson-bundled
rm menuselect.makeopts
make menuselect*
**** Go down one to applications and hit enter, go down until you find the "meetme" app and press space bar, then hit "X" ****
make && make install && make samples && make config && make basic-pbx
/usr/share/astguiclient/start_asterisk_boot.pl
Press Space bar to select [*] app_meetme and then press X

Step 3 – Run the perl install script in /usr/src/astguiclient/trunk

cd /usr/src/astguiclient/trunk
perl install.pl

****make sure to change the asterisk version to: 16.17.0-vici & copy sample files

Step 4 – cp all files that have .rpmsave in /etc/asterisk to their original names as shown below

cd /etc/asterisk
example: cp sip.conf.rpmsave sip.conf

do the rest too


Step 5 – Rebuild server via Vicidial admin

Go to Admin > Servers > Click on the server and change the Asterisk Version

Change Asterisk Version

And then change ‘Rebuild conf files’ to Y and hit submit


Now you can make sure everything is running correctly by typing the following commands and match the results to the picture below.

modprobe dahdi
dahdi_cfg -v
screen -ls
asterisk -r

That’s all there is to it. If you have any errors or problems, please let me know in the comments below or stop by our live support channel on Skype. I hope this helps.

-Nox

How to – Vicidial Scratch install on CentOS 7


This is a complete guide for a Vicidial scratch installation on CentOS 7. It is assumed that you have freshly installed CentOS.


Update OS & Reboot

yum -y update
reboot

Install Dependencies & Reboot

yum -y install epel-release
yum install -y kernel*
yum install -y kernel-devel

yum install -y httpd php-common php-pdo php php-pear php-mbstring php-cli php-gd php-imap php-devel phpsysinfo php-mysql phpmyadmin mod_ssl mariadb mariadb-server mariadb-devel perl-DBI perl-DBD-MySQL perl-Digest-HMAC perl-YAML perl-ExtUtils-ParseXS perl-NetAddr-IP perl-Crypt-SSLeay perl-Curses perl-DBD-Pg perl-Module-ScanDeps perl-Text-CSV perl-HTML-Template perl-IO-Compress perl-Text-Glob perl-Jcode perl-Test-Script perl-Archive-Tar perl-Test-Base perl-OLE-Storage_Lite perl-Archive-Zip perl-Net-Server perl-Convert-ASN1 perl perl-Compress-Raw-Zlib perl-Digest-SHA1 perl-Data-Dumper perl-Error perl-ExtUtils-CBuilder perl-Test-Tester perl-Parse-RecDescent perl-Spiffy perl-IO-Zlib perl-Module-Build perl-HTML-Parser perl-Net-SSLeay perl-Proc-ProcessTable perl-TermReadKey perl-Term-ReadLine-Gnu perl-Digest-SHA perl-Tk perl-Net-SNMP perl-Test-NoWarnings perl-XML-Writer perl-Proc-PID-File perl-Compress-Raw-Bzip2 perl-libwww-perl perl-XML-Parser perl-File-Remove perl-Parse-CPAN-Meta perl-Set-Scalar perl-Probe-Perl perl-File-Which perl-Package-Constants perl-Module-Install perl-File-HomeDir perl-Spreadsheet-ParseExcel perl-Mail-Sendmail perl-Spreadsheet-XLSX asterisk-perl perl-version perl-Crypt-DES perl-URI perl-Net-Daemon perl-IO-stringy perl-YAML-Tiny perl-HTML-Tagset perl-Socket6 perl-BSD-Resource perl-PlRPC perl-IPC-Run3 perl-Text-CSV_XS perl-Unicode-Map perl-Module-CoreList perl-Net-Telnet perl-PAR-Dist perl-Date-Manip perl-JSON perl-Proc-Daemon perl-Spreadsheet-WriteExcel perl-rrdtool install lame screen sox ntp iftop subversion dahdi-linux-devel php-xcache wget nano vim readline-devel 

yum install -y make patch gcc gcc-c++ 
yum -y install ncurses-devel
yum -y install libxml2-devel
yum -y install sqlite-devel

reboot

Enable & Start http,mariadb and Add Ports into Firewall

systemctl enable httpd.service; systemctl enable mariadb.service; systemctl start httpd.service; systemctl start mariadb.service
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Enter the server IP address into a browser (from another machine or the same machine) and make sure Apache is showing the Testing 123… webpage. If this webpage is not showing, make sure Apache is properly installed and the ports are added to the firewall. You can disable the firewall completely to check whether it is a firewall problem or something else.

Install CPAN Modules

cpan -i String::CRC Tk::TableMatrix Net::Address::IP::Local Term::ReadLine::Gnu Spreadsheet::Read Net::Address::IPv4::Local RPM::Specfile Spreadsheet::XLSX Spreadsheet::ReadSXC

Install Asterisk Perl Module

cd /usr/src/ 
wget http://download.vicidial.com/required-apps/asterisk-perl-0.08.tar.gz 
tar -zxf asterisk-perl-0.08.tar.gz 
cd asterisk-perl-0.08
perl Makefile.PL
make all 
make install

Asterisk 13.29.2 Download & Installation

Download & Unzip Asterisk, Dahdi & Libpri

mkdir /usr/src/asterisk
cd /usr/src/asterisk
wget http://download.vicidial.com/required-apps/asterisk-13.29.2-vici.tar.gz
wget http://download.vicidial.com/beta-apps/dahdi-linux-complete-2.11.1.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-current.tar.gz

tar xzf asterisk-13.29.2-vici.tar.gz
tar xzf dahdi-linux-complete-2.11.1.tar.gz
tar xzf libpri-current.tar.gz

Install DAHDI

cd dahdi-linux-complete-2.11.1+2.11.1
make all
make install
modprobe dahdi
modprobe dahdi_dummy
make config

Install Libpri

cd /usr/src/asterisk/libpri-1.6.0
make clean
make
make install

Install Asterisk Prerequisites

bash /usr/src/asterisk/asterisk-13.29.2-vici/contrib/scripts/install_prereq install

Install Asterisk *64bit

cd /usr/src/asterisk/asterisk-13.29.2-vici
./configure --libdir=/usr/lib64 --with-pjproject-bundled
make menuselect #Select Application>MeetMe App
make
make install
make samples
make config
chkconfig asterisk on

Create Database

mysql
CREATE DATABASE `asterisk` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'cron'@'localhost' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@'%' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@localhost IDENTIFIED BY '1234';
GRANT RELOAD ON *.* TO cron@'%';
GRANT RELOAD ON *.* TO cron@localhost;
flush privileges;
quit
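
The grants above leave the `cron` account with the password `1234` and reachable from any host (`'%'`). The audit below is an added example, not part of the original tutorial or of Vicidial: it flags those conditions from the output of `SELECT user,host FROM mysql.user` and from `/etc/astguiclient.conf`. The `KEY => value` layout of that file, the `VARDB_pass` key name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the database accounts and the stored DB password after
# the install. Input formats are assumptions:
#   - account rows are "user<TAB>host", as printed by
#       mysql -N -B -e "SELECT user,host FROM mysql.user"
#   - the config file holds "KEY => value" lines (VARDB_pass => ...)

# Read "user<TAB>host" rows on stdin; print one finding per risky account.
audit_db_accounts() {
    awk -F '\t' '
        $1 == ""  { print "ANONYMOUS host=" $2; next }   # no user name at all
        $2 == "%" { print "ANYHOST user=" $1 }           # reachable from any host
    '
}

# Print each VARDB_*pass key in config file $1 whose value is still the
# default password $2 (the tutorial sets 1234). Values are compared as
# strings so that 01234 is not treated as equal to 1234.
audit_conf_password() {
    awk -v def="$2" '
        /^[ \t]*#/ { next }                               # skip comments
        $1 ~ /^VARDB_(custom_)?pass$/ && $2 == "=>" && ($3 "") == (def "") { print $1 }
    ' "$1"
}

# Constructed sample rows: the two cron accounts from the grants above plus
# root and an anonymous account.
sample_accounts() {
    printf 'root\tlocalhost\ncron\tlocalhost\ncron\t%%\n\tlocalhost\n'
}

# Run against the live server only when asked to:  sh audit_db.sh live
if [ "${1:-}" = "live" ]; then
    mysql -N -B -e "SELECT user,host FROM mysql.user" | audit_db_accounts
    audit_conf_password /etc/astguiclient.conf 1234
fi
```

Changing the `cron` password also means updating the matching value in `/etc/astguiclient.conf` so the dialer scripts can still connect. On a multi-server cluster the remote `cron` account is still needed, but its host can name the dialer and web servers instead of `'%'`.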

Install Vicidial

mkdir /usr/src/astguiclient
cd /usr/src/astguiclient
svn checkout svn://svn.eflo.net:3690/agc_2-X/trunk
cd trunk
perl install.pl

Enter 13.29.2-vici when it asks for Asterisk Version + Copy Asterisk Settings=Yes + Server webroot path=/var/www/html

Import DB Server Install Settings

mysql
SET GLOBAL connect_timeout=60;
use asterisk;
\. /usr/src/astguiclient/trunk/extras/MySQL_AST_CREATE_tables.sql
\. /usr/src/astguiclient/trunk/extras/first_server_install.sql
\. /usr/src/astguiclient/trunk/extras/sip-iax_phones.sql
quit

Extra settings on Terminal

/usr/share/astguiclient/ADMIN_area_code_populate.pl
chmod -R 755 /usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl
cp /usr/src/astguiclient/trunk/extras/performance_test_leads.txt /usr/share/astguiclient/LEADS_IN/
/usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl --forcelistid=107 --forcephonecode=1

Start Up Script

nano /etc/rc.d/rc.local

Remove everything from the opened file, then copy and paste the following into it:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# OPTIONAL enable ip_relay(for same-machine trunking and blind monitoring)
/usr/share/astguiclient/ip_relay/relay_control start 2>/dev/null 1>&2

# Disable console blanking and powersaving
/usr/bin/setterm -blank
/usr/bin/setterm -powersave off
/usr/bin/setterm -powerdown

### start up the MariaDB server (the service enabled earlier with systemctl)
/usr/bin/systemctl start mariadb.service

### start up the apache web server
/usr/bin/systemctl start httpd.service

### roll the Asterisk logs upon reboot
/usr/share/astguiclient/ADMIN_restart_roll_logs.pl

### clear the server-related records from the database
/usr/share/astguiclient/AST_reset_mysql_vars.pl

### load dahdi drivers
modprobe dahdi
/usr/sbin/dahdi_cfg -vvvvvvvvvvvvv

### sleep for 20 seconds before launching Asterisk
sleep 20

### start up asterisk
/usr/share/astguiclient/start_asterisk_boot.pl

chmod +x /etc/rc.local

Setting up crontab

crontab -e

Copy the entries below, paste them into the open editor window, and then save with ":wq".

### keepalive script for astguiclient processes
* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl

### Compress astguiclient log files and remove old ones
25 2 * * * /usr/bin/find /var/log/astguiclient -maxdepth 1 -type f -mtime +1 -print | grep -v \.xz | xargs xz -9 >/dev/null 2>&1
28 0 * * * /usr/bin/find /var/log/astguiclient -maxdepth 1 -type f -mtime +30 -print | xargs rm -f

### fix the vicidial_agent_log once every hour and the full day run at night
33 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl
50 0 * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --last-24hours
## uncomment below if using QueueMetrics
#*/5 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --only-qm-live-call-check

### updater for VICIDIAL hopper
* * * * * /usr/share/astguiclient/AST_VDhopper.pl -q

### adjust the GMT offset for the leads in the vicidial_list table
1 1,7 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --debug --list-settings

### optimize the database tables within the asterisk database
3 1 * * * /usr/share/astguiclient/AST_DB_optimize.pl

### VICIDIAL agent time log weekly and daily summary report generation
2 0 * * 0 /usr/share/astguiclient/AST_agent_week.pl
22 0 * * * /usr/share/astguiclient/AST_agent_day.pl

### VICIDIAL campaign export scripts (OPTIONAL)
#32 0 * * * /usr/share/astguiclient/AST_VDsales_export.pl
#42 0 * * * /usr/share/astguiclient/AST_sourceID_summary_export.pl

### inventory report optional
#1 7 * * * /usr/share/astguiclient/AST_dialer_inventory_snapshot.pl -q --override-24hours

### roll logs monthly on high-volume dialing systems
#30 1 1 * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl --months=6

### roll call_log and vicidial_log_extended daily on very high-volume dialing systems
#20 1 * * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl --daily

## uncomment below if using Vtiger
#1 1 * * * /usr/share/astguiclient/Vtiger_optimize_all_tables.pl --quiet

# cleanup of the scheduled callback records
25 0 * * * /usr/share/astguiclient/AST_DB_dead_cb_purge.pl --purge-non-cb --quiet

### inbound email parser should only be active on a single server
* * * * * /usr/share/astguiclient/AST_inbound_email_parser.pl

### flush queue DB table every hour for entries older than 1 hour
11 * * * * /usr/share/astguiclient/AST_flush_DBqueue.pl -q

### remove and rotate old asterisk logs
29 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 3 -type f -mtime +30 -print | xargs rm -f
30 0 * * * /usr/bin/find / -maxdepth 1 -name "screenlog.0*" -mtime +7 -print | xargs rm -f
31 0 * * * /usr/bin/find /tmp -maxdepth 1 -type f -mtime +7 -print | xargs rm -f
32 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 1 -type f -mtime +1 -print | grep -v \.xz | xargs xz >/dev/null 2>&1

### recording mixing/compressing/ftping scripts
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl --MIX
#0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --MP3
#2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --MP3 --run-check
#0 1 * * * /usr/share/astguiclient/AST_CRON_audio_4_ftp2.pl --ftp-server=server.ip --ftp-login=user --ftp-pass=pass --ftp-directory=/ --ftp-persistent --ftp-validate --transfer-limit=100000 --list-limit=100000

### remove old recordings more than 7 days old, and delete originals after 1 day
#24 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE -maxdepth 2 -type f -mtime +7 -print | xargs rm -f
24 1 * * * /usr/bin/find /var/spool/asterisk/monitorDONE/ORIG -maxdepth 2 -type f -mtime +1 -print | xargs rm -f

### kill Hangup script for Asterisk updaters
* * * * * /usr/share/astguiclient/AST_manager_kill_hung_congested.pl

### updater for voicemail
* * * * * /usr/share/astguiclient/AST_vm_update.pl

### updater for conference validator
* * * * * /usr/share/astguiclient/AST_conf_update.pl

### reset several temporary-info tables in the database
2 1 * * * /usr/share/astguiclient/AST_reset_mysql_vars.pl

### Reboot nightly to manage asterisk issues and memory leaks - uncomment if issues arise
30 6 * * * /sbin/reboot

### remove text to speech file more than 4 days old
#20 0 * * * /usr/bin/find /var/lib/asterisk/sounds/tts/ -maxdepth 2 -type f -mtime +4 -print | xargs rm -f

### Update agent records with the IP of the phone they are logging in on
#*/5 * * * * /usr/share/astguiclient/AST_phone_update.pl --agent-lookup

### Delete voicemail that is older then 60 days
#0 2 * * * /usr/local/bin/vmspool_manager.pl --active --age=60

### ViciBox integrated firewall, by default just load the VoIP Black list and reload it every 4 hours
### You can lock everyone out of your server if you set this wrong, so understand what you are doing!!!
@reboot /usr/local/bin/VB-firewall.pl --voipbl --noblack --quiet
0 */6 * * * /usr/local/bin/VB-firewall.pl --voipbl --noblack --flush --quiet
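
A check worth running after pasting a crontab like the one above, as an added example that is not part of the original tutorial: it lists active entries whose program does not exist on the host (the `VB-firewall.pl` entries are described in their own comment as the ViciBox firewall, so a from-scratch install may not have them) and active entries that carry a password on the command line, as the commented `--ftp-pass=` line would if enabled. The function names and the sample crontab are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a crontab like the one above before relying on it.
# Function names are hypothetical; input is a file saved with `crontab -l`.

# Print the program path of every active entry whose program is not an
# executable file on this host (for example scripts that only ViciBox ships).
cron_missing_commands() {
    awk '
        /^[ \t]*#/ { next }                               # commented-out entry
        /^[ \t]*$/ { next }                               # blank line
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # MAILTO=, PATH=, ...
        $1 ~ /^@/ { print $2; next }                      # @reboot etc: command is field 2
        NF >= 6   { print $6 }                            # 5 schedule fields, then command
    ' "$1" | sort -u | while IFS= read -r cmd; do
        case $cmd in
            /*) [ -x "$cmd" ] || printf '%s\n' "$cmd" ;;
        esac
    done
}

# Print the line numbers (not the lines, to avoid echoing the secret) of
# active entries that pass a password as a command-line option. Such values
# are readable by anyone who can read the crontab or list processes.
cron_inline_secrets() {
    grep -nE '^[^#]*--[A-Za-z-]*pass(word)?=' "$1" | cut -d: -f1
}

# Constructed sample modelled on entries from the crontab above; the
# /nonexistent paths stand in for scripts that are absent on this host.
sample_crontab() {
    cat <<'EOF'
### keepalive
* * * * * /bin/sh -c true
#30 6 * * * /sbin/reboot
@reboot /nonexistent/VB-firewall.pl --voipbl --noblack --quiet
0 */6 * * * /nonexistent/VB-firewall.pl --voipbl --noblack --flush --quiet
0 1 * * * /bin/sh /nonexistent/ftp2.pl --ftp-login=user --ftp-pass=example
EOF
}

# Usage on a real server:
#   crontab -l > /root/crontab.txt
#   cron_missing_commands /root/crontab.txt
#   cron_inline_secrets /root/crontab.txt
```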

Finally Reboot

reboot

Verify Installation

screen -ls

Installing G729 Codec

cd /usr/lib64/asterisk/modules
wget http://asterisk.hosting.lv/bin/codec_g729-ast130-gcc4-glibc-x86_64-core2.so
mv codec_g729-ast130-gcc4-glibc-x86_64-core2.so codec_g729.so
asterisk -r
module load codec_g729.so
/etc/init.d/asterisk restart

Login Vicidial Admin/Agent Interface

Admin Interface:
yourserverip/vicidial/admin.php (username:6666, password:1234)
Agent Interface:
yourserverip/agc/vicidial.php (enter agent username and password which you have created through admin interface)

Verify Codec Installation

asterisk -rx "core show translations"

Backup/Test/Restore Existing Vicidial System

Run this for a 1-server system or server with database on it: (this may take hours on large system)

/usr/share/astguiclient/ADMIN_backup.pl --debugX

Run this on dialer/Asterisk-only servers: (do not run this if you only have one server):

/usr/share/astguiclient/ADMIN_backup.pl --debugX --without-db --without-web

Test backup:

Create a new (any name) database on any mysql server, apply the backup data to it, and verify a new lead from Today is actually in there.

On ALL servers: (Database, web, telephony)

cd /usr/src/astguiclient

Download Vicidial trunk on ALL servers

svn checkout svn://svn.eflo.net:3690/agc_2-X/trunk

On ONLY database server:

Going into mysql and executing the upgrade sql file:
mysql
use asterisk
\. /usr/src/astguiclient/trunk/extras/upgrade_2.14.sql
quit

On ALL servers: (Database, web, telephony)

cd /usr/src/astguiclient/trunk
perl ./install.pl
NOTES: If you have customized any scripts in the bin or agi folders,
then make sure you back them up before running the install.pl script.
This script will replace existing files in the astguiclient installation.

On one server only, update your phone codes data:

/usr/share/astguiclient/ADMIN_area_code_populate.pl --purge-table --debug

systemctl restart dahdi; systemctl disable asterisk
modprobe dahdi

cp /usr/src/asterisk/asterisk-13.29.2/contrib/init.d/rc.redhat.asterisk /etc/init.d/asterisk


I hope this helps
-Nox

What is a Virtual Office?

A Virtual Office is a new platform designed for the remote world we live in today.

As employees shift to a new work-from-home lifestyle, companies must adopt new tools and best practices to help their teams effectively communicate, collaborate, and stay informed and connected in the absence of a physical office.

A new category of tools called ‘virtual office’ is emerging

Virtual offices (aka: online workspace, digital office, digital workspace) serve as a digital representation of a physical office, providing employees with an online environment to meet and collaborate, while also offering a number of features designed to alleviate common pain points and frustrations shared by remote teams and employees.

Products that fall into the virtual office or workspace category typically offer distributed team members:

• A sense of presence, proximity, and an awareness of team members' online availability
• Support internal communication via audio, video conferencing, and/or instant messaging
• Screen sharing for collaborative work and discussions
• Allow teams to create and designate virtual meeting rooms or spaces for ad-hoc and recurring team meetings, discussions, and check-ins

Why does my team need virtual office software?

Problem: Working remote can be lonely compared to in-office

According to Buffer’s State of Remote Work 2020, one of the most common employee-reported limitations of working remote is the feeling of loneliness, disconnect and isolation that stems when teammates are unable to work side-by-side. There are numerous reports and articles pointing to loneliness being a dark side of remote work.  In this article, Ben Fanning writes “If you’ve been working with people for a while and had that connectivity and face-to-face meetings and were used to that work environment, and now suddenly working at a distance with little connectivity, it really creates a huge problem.  It’s like being on a remote island.”

How can virtual offices help reduce feelings of isolation?

Virtual office solutions offer a wide variety of user experiences and designs, but they all focus on visually helping your distributed team feel more connected and aware of office happenings; commonly referred to as ‘presence’.  Virtual presence features can include:

• Profile pictures or avatars that offer ways to express oneself
• Availability indicated with text or UI (eg are they ‘away’ in ‘do not disturb mode’, or ‘available’ for conversation?)
• Work and/or activity in progress (eg are they ‘coding’, ‘messaging’, or other?)
• Meetings and/or discussions underway (ie who’s meeting and should I join if relevant), and more.

These visualizations help to replicate some of the workplace buzz and liveliness you feel when working in a physical office. 

As an example, CyburDial shows users’ ‘activity status,’ which informs teammates about their co-workers’ true availability.  Users can opt to set themselves as ‘away’ or ‘available’, and even enable ‘automatic status’ which automatically displays the work activity (eg designing) or whether a user is in ‘focus’ meaning it’s probably not a good time to engage.

Problem:  Teams struggle with less communication and collaboration when remote

The other most common struggle employees report when working remote is the significant loss of communication and collaboration.  There are many great tools which in-person and remote teams have adopted but few of these tools have been specifically developed for fully distributed teams. 

Challenges with communication (too much, or too little)

Most of us that have experienced work from home can relate to either: 

1.) Too many formal, structured video calls resulting in the 2020 coined term ‘zoom fatigue’, or
2.) Too few team interactions resulting in a feeling of work disconnect.

It can be challenging for remote organizations to achieve balance and replicate the ad-hoc, informal, and spontaneous nature of conversations held when coworkers work together in a shared office space. 

CyburDial
Human Resources Module

The most important work discussions happen outside of formal calendar meetings

A recent internal analysis shared by Microsoft on their shift to remote work put a spotlight on this and showed that a significant increase of  shorter duration meetings across the organization was the result of employees missing office interactions  — “we could no longer catch up in hallways or by the coffee machine, so we were scheduling more (video) connections”  But the time-consuming, formalized nature of scheduling quick, ad-hoc meetings and discussions is itself a main challenge with remote work that even teams like Microsoft struggle with.  

How do virtual offices help improve communication?

By providing an online sense of team presence and status, virtual offices are uniquely positioned to accommodate spontaneous video or audio-based check-ins, desk drop-ins, and casual conversations virtually.  Akin to a ‘virtual shoulder tap’, users simply look at their workspace, check the real-time availability of a coworker or group of coworkers, and tap teammates to initiate an immediate call with them, eliminating many of the barriers that typically prevent coworkers from communicating more frequently in their day. Gone is the need to pre-qualify or guess if a teammate is available for a call or if the timing is right to engage, and no coordination friction is required.  The majority of internal remote work conversations outside of virtual offices require many time-consuming steps like scheduling, creating, and sharing a meet calendar invite or link, all for a meeting that might warrant just a five minute discussion.

Conversations as fast as real life shoulder-taps

Virtual office tools enable push-to-talk style conversation.  In CyburDial, users just tap a team member and are immediately connected. If a teammate is free, they simply unmute to accept the call.  If they’re unavailable, they do not have to accept and can follow up at a later time.

A General Office setting

Collaboration is key to the success of all companies, and keeping teams aligned and working towards common goals is critical.  But when teams are distributed, discussions, background conversations, serendipitous hallway interactions, and paired work moments are limited, if not possible at all due to team structure and time zones.  When remote, much internal communication becomes siloed within departments, and teammates often struggle to know what’s happening in other parts of the organization due to limited cross-departmental interactions.

How do virtual offices help teams collaborate? 

Time zones

Many distributed teams have employees working across many time zones.  A common collaboration challenge for remote workers is quickly determining where teammates are located and what their current time is.  Layering in calendar events and country-specific holidays makes this even more onerous: scheduling becomes difficult, and you also lose a sense of time in general and end up pinging a colleague at the end of their day, when it’s important to be empathetic.

As teams become more globally distributed, and as employees benefit from flexible work schedules within their time zones, organizing teammates by time zone and providing further presence such as using AI to predict when a user will next be online or return is critical. 

Know teammates better

The missed water cooler moments as mentioned earlier not only impact collaboration but they also significantly impact opportunity for  coworkers to form bonds, build camaraderie, and create a cohesive team culture.  According to the Gartner ReimagineHR Employee Survey, 41 percent of those surveyed don’t feel connected to their colleagues when working remotely.  Virtual offices provide more opportunities for remote colleagues, particularly cross-department, to get to know each other as they do when in a physical shared office. 

Some virtual offices offer casual rooms, or the ability to create ‘watercooler’ rooms, dedicated solely for social interactions like coffee breaks, games, or simply for ‘hangout sessions’ to work with other teammates in an open room environment to feel more together.  Avatars, profile images, memes, and emojis are used in varying ways across virtual office tools to let teammates show personality and bring more fun to remote work.  CyburDial incorporates games, ice breakers such as local weather, suggests catch-ups and enables other concepts to help teammates get to know one another.

Problem: Lost serendipity and missed hallway discussions 

Sales Office
Sales/Marketing Floor

Serendipity lost

 “Creativity comes from spontaneous meetings, from random discussions. You run into someone, you ask what they’re doing, you say ‘Wow,’ and soon you’re cooking up all sorts of ideas.” – Steve Jobs

In this recent Fast Company article, Sagi Eliyahu writes about recent shifts to remote work “A lot of the work that gets done — certainly more than we realized — requires direct human collaboration that includes decision-making, delegation, coordination, and strategy.  And much of the progress we make in that work, the leaps in innovation, the light-bulb moments, happens without us consciously planning for it.”  He adds, “Many of us took for granted just how many ideas were cooked up back when we enjoyed the luxury of working together, in person.” 

While lost serendipity is not easy to quantify, it is a commonly reported limitation of remote work. 

How can virtual offices enable more spontaneous discussions and ‘Wow’ moments?

By seeing teammates and enabling ad-hoc, on-the-fly conversations, virtual office solutions are helping to address the ‘lost serendipity’ challenge of remote work in a variety of ways.  Some virtual offices have introduced skeuomorphic representations of the office, and when your avatar is in a set proximity to another user you can ‘speak out loud’ or interact as you might in an office.  Other tools encourage ‘always on’ audio and/or video rooms where teammates can enter a communal workspace environment.  

CyburDial lets users optionally broadcast the conversations they deem helpful for their coworkers; offering teams an AI-generated, ‘real-time’  summary of topics to help bring more connection, awareness, and spark innovation. Teammates can also hover over this live conversation summary to listen into the discussion in real-time without having to join — this is the closest thing to background conversation in the office.

Conference Area

After the discussion  ends, users can then publish the discussion into a personalized Facebook-like feed with a goal of keeping teams more in the loop and aware of office happenings, especially useful for team members across many time zones missing key meetings. 

The ChillZone

Conclusion: Get started today with CyburDial

We really think you will like what our ROMOP (Remote Office: Management & Operations Platform) has to offer, but don’t take our word for it: take our Virtual Office for a test drive today and decide for yourself! https://CyburDial.com
The username for all areas is 0000 and the password is demo.

We were just added to Capterra – Please leave us a review

Good day all, we have recently been added to Capterra.com which is a software search site as well as softwareadvice.com and getapp.com. If you wouldn’t mind writing us a review so we can reach our first 10 reviews to unlock some further options for us, we would really appreciate it. Thank you

Click here to leave your review!

https://reviews.capterra.com/new/228357

U.S. Supreme Court ruling: ATDS Definition – Sorry for your loss TCPA lits!

The US Supreme Court has ruled on the definition of an “ATDS”, in a big loss for TCPA litigators.

They answer the question of what exactly an auto-dialer is:

“To qualify as an “automatic telephone dialing system,” a device must have the capacity either to store a telephone number using a random or sequential generator or to produce a telephone number using a random or sequential number generator.”

Since CyburDial does neither of these things, it is technically not an “automatic telephone dialing system” as defined by the TCPA!

Download the ruling here: https://tinyurl.com/tcpawin