
Security

Has Trixbox development stopped? Should you look for other Asterisk solutions like Elastix or PBXinaFlash?

Has Trixbox development stopped? Should you look for other Asterisk solutions?

Has Trixbox development stopped? I am not sure that it has stopped completely, but for version 2.6 it does seem to have stopped. Here are the most recent release dates.

Trixbox 2.8          latest release 2010-06-11

Trixbox 2.6          latest release 2009-06-22

We have a lot of customers who like Trixbox. We have also seen a lot of Trixbox servers get hacked in the past. Always update your server and patch exploits. Use APF, BFD, and Fail2Ban if you can. We recommend locking down your PBX (Trixbox, Elastix, or PBXinaFlash server) to just the IP addresses that need it: the IP addresses your phones connect from, the IP addresses of your VoIP providers, and the IP address of the management team managing your PBX. One exploit in Trixbox that was recently brought to our attention is described below.

The admin web interface can be accessed using the username “wwwadmin” and the default Trixbox password, giving full administration privileges to the server, including access to the extension and trunk settings. The affected versions are Trixbox CE 2.8.0.4 and below and Trixbox CE 2.6.2.3 and below.

 We suggest that you fix this ASAP or completely firewall your Trixbox server from outside access.

You can remove the wwwadmin user completely from two files and use passwd-maint to change the default maint password, which is password.

Secure your PBX and also take the time to update to the latest available version of Trixbox.

In order to secure your PBX remove the user “wwwadmin” from the following locations:

Edit the file /usr/local/apache/passwd/wwwpasswd using nano or vi from the command line, and remove the line that looks like:

wwwadmin:40ig27asm87

Edit the file /etc/trixbox/httpdconf/trixbox.conf using nano or vi from the command line, and remove wwwadmin from the one line that reads:

Require user maint wwwadmin

You may find this wwwadmin user in both of these files: /usr/local/apache/passwd/wwwpasswd and /etc/trixbox/httpdconf/trixbox.conf.

Run the command passwd-maint to change the default maint password for accessing Trixbox.

To complete this task you will need command-line access to your server, either locally or remotely over SSH, and you must be able to log in as the root user.
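The removal steps above as a script, added here as an example and not part of the original post: it backs up both files, deletes the wwwadmin entry, and strips wwwadmin from the Require user line while leaving maint in place. The function names and the PASSWD_FILE/HTTPD_CONF overrides are assumptions for illustration; the default paths are the ones given above.

```shell
#!/bin/sh
# Added example (not from the original post). Default paths are the ones the
# article names; the function names and env overrides are hypothetical.
PASSWD_FILE="${PASSWD_FILE:-/usr/local/apache/passwd/wwwpasswd}"
HTTPD_CONF="${HTTPD_CONF:-/etc/trixbox/httpdconf/trixbox.conf}"

# Succeeds (exit 0) if wwwadmin is still listed in either file.
wwwadmin_present() {
    grep -q '^wwwadmin:' "$1" 2>/dev/null && return 0
    grep -Eq '^[[:space:]]*Require[[:space:]]+user[[:space:]](.*[[:space:]])?wwwadmin([[:space:]]|$)' "$2" 2>/dev/null
}

# Back up both files, then remove wwwadmin from each.
remove_wwwadmin() {
    pw="$1"; conf="$2"
    cp -p "$pw" "$pw.bak" || return 1
    cp -p "$conf" "$conf.bak" || return 1
    # Drop the wwwadmin entry from the password file; other users are untouched.
    sed '/^wwwadmin:/d' "$pw.bak" > "$pw" || return 1
    # On "Require user" lines only, strip the wwwadmin token and keep the rest
    # (for example maint). Writing through ">" keeps the file's owner and mode.
    sed -E '/^[[:space:]]*Require[[:space:]]+user[[:space:]]/ s/[[:space:]]+wwwadmin([[:space:]]|$)/\1/g' \
        "$conf.bak" > "$conf"
}

case "${1:-}" in
    --check)
        if wwwadmin_present "$PASSWD_FILE" "$HTTPD_CONF"; then
            echo "wwwadmin is still present"
        else
            echo "wwwadmin not found"
        fi ;;
    --fix)
        remove_wwwadmin "$PASSWD_FILE" "$HTTPD_CONF" &&
            echo "wwwadmin removed; now run passwd-maint to change the maint password" ;;
esac
```

Run it as root with --check to audit or --fix to apply; the .bak copies still hold the old wwwadmin password hash, so delete them once the change is confirmed. Apache reads its configuration at start or reload, so if trixbox.conf is included from httpd's configuration (an assumption), reload httpd afterwards.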

We have been using Elastix since it came out. We have deployed up to 160 phones on Elastix and Trixbox. Elastix gets the needed attention and has an updated feature set. A lot of people like PBX in a Flash as well. It is really a matter of preference, as they are all originally based on FreePBX. Trixbox came from Asterisk@Home, which was also based on FreePBX. Trixbox did fork into pbxconfig, but don’t forget where they came from! Elastix has an unembedded version of FreePBX, which lets you use all of FreePBX’s features. Elastix also has new features that are only found in Elastix, like faxing and many add-ons!

Any distribution could get exploited, so it is important to run security updates and lock your server down as much as possible.