FreePBX versions 15, 16, and 17 have a critical vulnerability that is being actively exploited in the wild.
The exploit is believed to be related to Endpoint Manager (EPM) and Admin page access. EPM is installed by default. If you have previously uninstalled EPM, you have a fair chance, at this time, of being safe. However, don't be complacent: security has never been high on Sangoma's list, nor has being transparent.
In 2020, when Red Hat took over CentOS, many predicted it was with the intent of destroying it; being derived from RHEL, it was a direct competitor. Some say those people have been vindicated, as that's exactly what Red Hat did, and its short life-span replacement, CentOS Stream, is just another Fedora. This left FreePBX devs in a bind.
Asterisk and FreePBX allow for a myriad of customisations. Some of these, however, need hand-editing of Asterisk files as well as some FreePBX configuration (due to how FreePBX uses its database and overwrites some Asterisk files), so some things you just can't do entirely from within FreePBX, or in Asterisk (when using FreePBX, that is), like setting up Lenny or providing a Weather service.
Not all VoIP or SIP providers, also known as VSPs or Voice Service Providers, are equal. In recent years a number of new VoIP providers have appeared to take advantage of the move from POTS to VoIP in the populous areas serviced by NBN. Some of these recent ventures claim they have been selling services for years, but it quickly becomes apparent who are honest and who are full of it.
Before I continue, let me reassure you the UCMs do work; the devices are just restrictive, both in hardware and in configurability. One of the most common complaints I hear is with Music On Hold: in our markets the most popular method is streaming, be it a plug-in radio or a remote stream, and the UCMs can't do it.
(Original post February 14 2021 updated)
By default, ChanSpy, a supervisor function that allows you to monitor other people's calls, is enabled and can be used by anyone, yes, anyone, whose phone is logged in to a FreePBX system that has this feature enabled.
Sangoma don't allow you to secure it out of the box; instead, they try to sell you some commercial module (that's about AU$145) that allegedly sets a PIN. But you can do it for free!