One of the SIP accounts I have registered as a trunk here got hacked and someone burnt up all my call credit on that account. I contacted that provider and they said that "the firewall on your asterisk box is not configured correctly."
They have suspended my account until this is cleared up, so at least no further charges can be racked up.
None of the calls show up in my call monitor here, so what actually happened, and how do we prevent this from happening again?
Thank you for contacting us. The fraudulent activity you are describing is due to the Asterisk box on your account not having been installed correctly.
As an instant security measure we have suspended the SIP accounts to prevent any further outgoing calls on the account which may have a negative monetary effect.
Please make sure that the firewall being used on your device is up to date and fully secure and that your device cannot be accessed by any public or third parties.
Our recommended firewall settings are as follows:
1. Allow all traffic from and to IP range of XX.YY.ZZ.0/24 (Whole Subnet).
2. Make sure SIP ALG is disabled.
3. UDP - Alive time out needs to be set to 200 seconds.
Once this is completed, you need to change all of your SIP usernames and SIP passwords as these details have been compromised.
This post has been edited 1 time(s), it was last edited by hig on 16.02.2015 at 14:24.
The security hole has been fixed. We are very sorry to inform you that private data of every user on PBXes could have been stolen. All passwords, especially the passwords of all trunks, need now to be updated for security reasons.
We will be sending out an email broadcast as soon as possible.