Any and all non-support discussions
Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
by macaruchi » Tue May 30, 2017 12:18 pm
Hi!
This holiday weekend was not good for me. I left 200USD funds in my dialer and today everything gone.
I am checking my dialer but I dont see any calls in my agent_log or calls did it with any extension. I checked call_log and I saw a lot calls done and the CDR of my provider.
I am finding where could be the leak but I dont find anything.
It seems like asterisk and not vicidial was hacking . I need ideas to solve this and wthat steps can I do
I have calls with 3 hours and more , I change all passwords , what else can I do
Please , any help will be appreciated
*------------------
ViciBox 11 | Version:2.14b | SVN Version: 3764| DB Schema Version:1697| BUILD: 230927-0857 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
-
macaruchi
-
- Posts: 138
- Joined: Wed Sep 21, 2016 8:11 pm
by macaruchi » Tue May 30, 2017 12:22 pm
ViciBox 7.0.3
VERSION: 2.12-565a
BUILD: 160827-0917
One server
*------------------
ViciBox 11 | Version:2.14b | SVN Version: 3764| DB Schema Version:1697| BUILD: 230927-0857 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
-
macaruchi
-
- Posts: 138
- Joined: Wed Sep 21, 2016 8:11 pm
by macaruchi » Tue May 30, 2017 2:41 pm
Question:
If I get the extension/pass with force brute how can I use this extension to dial and to do outbound calls ?
It seems that was the intromision becuase in call_log table all calls has one extension that I use
Any cluees?
*------------------
ViciBox 11 | Version:2.14b | SVN Version: 3764| DB Schema Version:1697| BUILD: 230927-0857 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
-
macaruchi
-
- Posts: 138
- Joined: Wed Sep 21, 2016 8:11 pm
by mflorell » Tue May 30, 2017 7:49 pm
When this happens it's usually a SIP phone extension that is brute-force attacked. Check the conf file secret for your SIP phones. If you have the screenlog.0 files available from the time when the calls happened, you can look to see what extension was placing the calls.
-
mflorell
- Site Admin
-
- Posts: 18387
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
-
by macaruchi » Tue May 30, 2017 8:31 pm
How can I check screenlog.0 ?
I checked the call_log and I saw the extension , I think, anyway , I am changing all extensions. But for example if I know one extension how can I configure it for dial outbound calls?
I mean when I login to zoiper I cant do any calls so how can they use this extension to calling to any number /?
This question is for general acknowledgement
*------------------
ViciBox 11 | Version:2.14b | SVN Version: 3764| DB Schema Version:1697| BUILD: 230927-0857 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
-
macaruchi
-
- Posts: 138
- Joined: Wed Sep 21, 2016 8:11 pm
by mattyou1985 » Thu Jun 01, 2017 5:02 pm
2 things to stop attaks
1 onley have ipauthentication with your voip carrier
2 ip lockdown your server to do this look for DGG ip lockdown thir ausom
this will solve the hacking problum
-
mattyou1985
-
- Posts: 111
- Joined: Tue Apr 19, 2016 3:30 pm
Return to General Discussion
Who is online
Users browsing this forum: No registered users and 39 guests