PBXes (http://www1.pbxes.com/forum/index.php)
--- RE: Hacked account (http://www1.pbxes.com/forum/threadid.php?threadid=1424093049)

Posted by highlandsun2 on 16.02.2015 at 15:24:

Hacked account

One of the SIP accounts I have registered as a trunk here got hacked and someone burnt up all my call credit on that account. I contacted that provider and they said that "the firewall on your asterisk box is not configured correctly."

They have suspended my account until this is cleared up, so at least no further charges can be racked up.

None of the calls show up in my call monitor here, so what actually happened, and how do we prevent this from happening again?

Thank you for contacting us. The fraudulent activity you are describing is due to the Asterisk box on your account not having been installed correctly.

As an instant security measure we have suspended the SIP accounts to prevent any further outgoing calls on the account which may have a negative monetary effect.

Please make sure that the firewall being used on your device is up to date and fully secure and that your device cannot be accessed by any public or third parties.

Our recommended firewall settings are as follows:
1. Allow all traffic from and to IP range of XX.YY.ZZ.0/24 (Whole Subnet).
2. Make sure SIP ALG is disabled.
3. UDP - Alive time out needs to be set to 200 seconds

Once this is completed, you need to change all of your SIP usernames and SIP passwords as these details have been compromised.

Posted by i-p-tel on 18.02.2015 at 16:42:

RE: Hacked account

Thank you for your report. Three of our customers, you and two in Switzerland, have been affected in total.

We have no clues yet as to how private data could have been accessed.

Posted by i-p-tel on 18.02.2015 at 19:46:

RE: Hacked account

The security hole has been fixed. We are very sorry to inform you that private data of every user on PBXes could have been stolen. All passwords, especially the passwords of all trunks, now need to be updated for security reasons.

We will be sending out an email broadcast as soon as possible.
