[arm-allstar] Login password changed automatically

dklortie at teksavvy.com
Sun Jan 26 09:28:33 EST 2020


Hi David, 

Thanks for the quick reply. 


Answer to question 1: I believe a strong password is being used (10 characters, with 3 being an upper case, number and a punctuation). Passwords were changed after the problem with the first server.


2 & 3. Supermon is being used and the password for that is different than the one for ssh login.


4.  Asterisk AMI interface? 


As for the copy of the SD card, just let me know how to get it out to you.


Regards, 

Darren 




On Jan 26, 2020 8:42 AM, David McGough <kb4fxc at inttek.net> wrote: 


Hi Darren, 

This isn't typical behavior at all, so I'm very curious as to what's 
happening.  If possible, I'd like to get a copy of the SDcard to evaluate 
further? 

There are no known vulnerabilities in the current HamVoIP codebase (I guess 
these are HamVoIP nodes?), so that leaves me with some questions: 

1) Was a STRONG root password used? Was the password changed after the 
first system got "hacked"?? 

2) Is Supermon or Allmon in use on these systems? 

3) If the answer to #2 is yes: Were the same passwords used for 
Supermon/Allmon as used for the root ssh login? 

4) Is the Asterisk AMI interface enabled? Is it accessible from a public 
IP address? 


73, David KB4FXC 


On Sun, 26 Jan 2020, "Darren via ARM-allstar" wrote: 

> Hi all,
>
> I am wondering if anyone else has experienced this issue and has a recommendation on how to fix it.
>
>
> I have 5 all-star nodes set up running on 3 raspberry pi 3's. One is connected directly to a repeater as a controller, 2 are used for remote link to 2 of our repeater sites that don't have INTERNET and 2 are 440 simplex nodes for local fill in. All are linked permanently as to provide coverage for our club members.
>
>
> About 6 months ago I went to do an update on the pi running as a repeater controller at the one site, and tried to log in via SSH through PUTTY as I have done in the past. However, I would put in the user name of root and the password (yes changed from the default of root), and it said password invalid and prompted me for the password again.
>
>
> I reinstalled the image and set the pi back up from scratch and all has been good. Everything working great. Login works fine.
>
>
> Fast forward to present and I have had one of our club members who is hosting one of the pi's as a repeater link and simplex node at his qth. He received a message from his ISP that a computer on his network is participating in a DDOS attack to his neighbors. When I tried to log into the pi at that location to do some investigation, I got the same problem as 6 months ago, but on the second pi not the original. Try to log in and keeps asking for password. I could still log into the other 2 servers no problem.
>
>
> Today I tried to log into the other 2 servers and now they too keep asking me for the password over and over. I have not changed the passwords.
>
>
> All of the servers were using the same root password which was changed when they were set up so I know it's not that I am losing my memory and forgot the password.
>
>
> Has anyone seen this before and if so how was it fixed? If not, how do I keep this from happening again? It is a pain to have to keep setting the 5 nodes and 3 servers up constantly.
>
>
> Regards,
>
> Darren VE3REK
> 
> 
> 
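
For question 4 in David's reply, one way to check whether AMI is enabled and listening beyond localhost is to read Asterisk's `manager.conf` (normally under `/etc/asterisk/`). This is an added example, not code from the thread or from HamVoIP; the sample config is constructed, and the function names and the defaults assumed for missing keys are illustrative.

```python
import ipaddress

# Constructed sample, not taken from any node in this thread.
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0   ; listens on every interface

[admin]
secret = example-only
"""

TRUE_VALUES = {"yes", "true", "y", "t", "1", "on"}

def parse_sections(text):
    """Return {section: [(key, value), ...]}; keys may repeat (permit/deny)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # also accepts 'key => value'
            sections[current].append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit_ami(text):
    """List findings that answer: is AMI enabled, and reachable off-host?"""
    sections = parse_sections(text)
    general = dict(sections.get("general", []))
    # Assumption: a missing 'enabled' key means AMI is off.
    if general.get("enabled", "no").lower() not in TRUE_VALUES:
        return []
    # Assumption: a missing 'bindaddr' means all interfaces.
    bindaddr = general.get("bindaddr", "0.0.0.0")
    try:
        local_only = ipaddress.ip_address(bindaddr).is_loopback
    except ValueError:
        local_only = False                    # unparsable address: treat as exposed
    if local_only:
        return []
    findings = [f"AMI enabled on {bindaddr}:{general.get('port', '5038')}"]
    for name, items in sections.items():
        if name != "general" and not any(k in ("permit", "deny") for k, _ in items):
            findings.append(f"user [{name}] has no permit/deny ACL")
    return findings
```

An empty result means AMI is disabled or bound to loopback only; whether a non-loopback listener is reachable from a public address also depends on the router or firewall in front of the node.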


