Elastix , which is a free forked version of asterisk pbx product comes with integrated ready to use add-ons like a2billing  ( billing module for voip/telephony ) , vtigercrm  etc.,


After installing we must change default passwords for elastix admin , a2billing and vitigercrm admin .

This can be done easily while installation time ( with new versions ) , or after logging into the panel with default passwords( older versions).


But  there was serious security bug ( i think it is patched now ) with elastix , where somebody can hack  the elastix box with the default password of built in user ‘asteriskuser’  and  able to make calls.


Here are the steps i followed to change astersikuser password


Step1 :

changing  password in database

-ssh to elastixbox with root privileges

-connect to sql  console  by typing  # mysql -u root -p

-now enter the mysql root password ( you can find this in /etc/elastix.conf  and you can even change it by typing #mysqladmin -u root -p’oldpassword‘ password ‘newpassword‘)


mysql> show databases;
| Database           |
| information_schema |
| asterisk           |
| asteriskcdrdb      |
| meetme             |
| mya2billing        |
| mysql              |
| roundcubedb        |
| test               |
| vtigercrm510       |
9 rows in set (0.00 sec)

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> set password for ‘asteriskuser’@’localhost’ = PASSWORD(‘newpassword‘);


change asteriskuser password in /etc/amportal.conf

now run command  # /usr/src/AMP/apply_conf.sh to apply the changes


type #grep -r “asteriskuser” /etc/asterisk/*   to find files with asteriskuser entries and change the password to newpassword


[root@vm2 ]# grep -r “asteriskuser” /etc/asterisk/*
/etc/asterisk/cdr_mysql.conf:user = asteriskuser
/etc/asterisk/res_mysql.conf:dbuser = asteriskuser




*replace newpassword with your own password







Categories: VOIP


Jose Tapia · March 24, 2014 at 11:55 am

Thanks for the info, good advice

Jose Tapia · November 23, 2012 at 11:20 am

Thanks for the info great advice

Leave a Reply

Your email address will not be published.