Saturday, April 12, 2014

How to secure asterisk and a2billing



Hi Guys,
We all know that A2Billing is a great VoIP billing system for calling cards and SIP calling, but many of us run into security issues with Asterisk and A2Billing. Every now and then a server gets compromised and we lose our hard-earned money just like that. Bad, huh? No worries: here are some suggestions you can use to secure your server and stop the bad guys from taking your money.


Change the default A2Billing passwords: admin password, MySQL password, manager password.

After installing A2Billing, your first step should be to change all default passwords.
1. A2Billing admin password (default password is changepassword)
2. Use a secure database password
3. Change the default Asterisk manager username and password to secure ones (default username: myasterisk, password: mycode)

Change the default admin folder name from /a2billing/admin to a less guessable name

Hackers usually probe the default folders on your IP/URL, so it is always good to change the folder name from admin to something harder to guess, like my_s3cureadm3n.

Use SSL and redirect all traffic from http URLs to https

It is always good to use SSL to secure the connection.

Make sure that the MySQL service is not available from outside

Make sure that the MySQL server is only accessible from localhost and not from any outside IP/domain; otherwise a hacker may get into the database and steal important information such as card numbers.

Use an SSH port other than port 22

Use a port other than 22 for SSH, as hackers try to brute force port 22 to get into the server.

Secure your Asterisk from brute force using fail2ban

Use fail2ban to block an IP if someone enters the wrong password more than 3 times.

Secure your web access and web2call pages using fail2ban

Allow only selected IPs to access the web interfaces. Block IPs that repeatedly enter a wrong username or password.

Add only rates that you got from your termination provider; do not allow calls to expensive area codes

It is highly recommended to keep only the destinations which are provided by your termination provider.
Hackers use stolen accounts to call premium numbers, which can cause you a huge loss.

Verify customers' phone numbers on signup to prevent fraud

Verify each user's phone number on signup so that you have some real information about the user; this is very useful in preventing fraud.

Change the SIP port to any port other than 5060

Use a SIP port other than 5060 to prevent unauthorized entry and brute force.

Block the Asterisk manager port from outside and change the default password

Do not allow anyone to connect from outside of the machine to the Asterisk server.
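
A small audit of the settings named in the steps above (default manager login, MySQL exposure, SIP port, manager port), as an added example that is not part of the original post or of A2Billing. The three file contents are constructed samples of an unhardened install; on a real server the text would be read from manager.conf, my.cnf and sip.conf.

```python
from configparser import ConfigParser

# Constructed samples: a stock install before any of the steps were applied.
MANAGER_CONF = """
[general]
bindaddr = 0.0.0.0

[myasterisk]
secret = mycode
read = system,call
write = system,call
"""
MY_CNF = """
[mysqld]
bind-address = 0.0.0.0
"""
SIP_CONF = """
[general]
bindport = 5060
"""

def parse(text):
    # Asterisk uses ';' comments; my.cnf allows '#' and keys without a value.
    cp = ConfigParser(allow_no_value=True, strict=False, interpolation=None,
                      comment_prefixes=(";", "#"), inline_comment_prefixes=(";",))
    cp.read_string(text)
    return cp

def audit(manager_conf, my_cnf, sip_conf):
    """Return one finding per setting the post says to change."""
    findings = []
    ami, db, sip = parse(manager_conf), parse(my_cnf), parse(sip_conf)
    if ami.get("general", "bindaddr", fallback="0.0.0.0") != "127.0.0.1":
        findings.append("manager.conf: manager port listens beyond localhost")
    for user in (s for s in ami.sections() if s != "general"):
        if user == "myasterisk" or ami.get(user, "secret", fallback="") == "mycode":
            findings.append(f"manager.conf: [{user}] uses default credentials")
        if not (ami.has_option(user, "deny") and ami.has_option(user, "permit")):
            findings.append(f"manager.conf: [{user}] has no deny/permit ACL")
    mysqld = db["mysqld"] if db.has_section("mysqld") else {}
    local = ("127.0.0.1", "localhost", "::1")
    if "skip-networking" not in mysqld and mysqld.get("bind-address", "0.0.0.0") not in local:
        findings.append("my.cnf: mysqld accepts remote connections")
    if sip.get("general", "bindport", fallback="5060") == "5060":  # the post's advice
        findings.append("sip.conf: SIP listens on default port 5060")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MANAGER_CONF, MY_CNF, SIP_CONF)))
```

Binding the manager interface and MySQL to 127.0.0.1 complements the firewall rule: the service stays unreachable from outside even if the firewall is flushed or misconfigured.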

Verify PayPal payments with the user's PayPal email.

I hope the steps above can help you secure your A2Billing server and prevent any fraud and losses. If you want, I can do the above for you for 500 USD. You can get back to me at vids.cs@gmail.com

Tuesday, April 20, 2010

value added services for a2billing

Hi Guys,

Now we can add the following value-added services to A2Billing.

New user signup through SMS
A topup/recharge through sms
Balance transfer between user accounts


New user signup through SMS: This is a very smart way of signing up users, where your users do not have to fill in signup forms or deal with the tension of email confirmation and so on. It is a very easy-to-use and less time-consuming method which anyone can use.


How it works:

It is very simple; the process is below.
1. The user sends an SMS to a predefined number for signup with his name i.e.
2. The system processes his request and generates a username and password for him.
3. The user receives his login information, i.e. card number, password etc., through SMS.
4. He can purchase credit and use the service.



Account topup/recharge through SMS: This is a very useful feature where a user can recharge his A2Billing account from his cellphone through SMS.

How it works: it is very easy to use; the steps are as follows.

1. User sends sms to predefined number <> T -- signifies this request is for topup and 12345678 is a2billing voucher number.

2. The system checks whether the sender is a valid user.
3. If yes, it then checks whether the voucher number is valid and what the voucher amount is.
4. It adds credit to the user's account.
5. It sends a confirmation message to the user's cell phone.


Balance transfer between user accounts: This is a very good value-added service which gives your users the power to transfer some balance from their account to somebody else's account.
Suppose your friend wants to call somewhere but is out of balance; you can transfer the balance from your account.

The A2Billing admin can also charge a service fee for this.

How it works:

1. User who wants to transfer his balance sends sms to predefined number
i.e tx -- signifies that this request is for transfer 10 is the amount in base currency of a2billing.
2. The system validates the user.
3. It checks his account balance.
4. If the user is eligible for a balance transfer, it transfers the balance and sends the confirmation.



Hope you will like these addons.
For more information and pricing, feel free to contact me anytime at: vids.cs@gmail.com