Outbound calls from inbound queue (hacked ?)


Postby macaruchi » Mon Apr 23, 2018 8:50 pm

Hi!
I have an inbound carrier just for inbound calls, without any dialplan for outbound. But now I am seeing that my carrier sent me a huge CDR with 2K calls just for today, but I just received 200 calls into Vicidial.
I think that I am being hacked but I don't know how.

My configuration with my carrier is for IP and this doesn't have any dialplan for outside calls.

Any help or clues ?

TIA
*------------------
ViciBox 11 | Version:2.14b | SVN Version: 3764| DB Schema Version:1697| BUILD: 230927-0857 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
macaruchi
 
Posts: 138
Joined: Wed Sep 21, 2016 8:11 pm

Re: Outbound calls from inbound queue (hacked ?)

Postby williamconley » Mon Apr 23, 2018 9:07 pm

1) Welcome to the Party! 8-)

2) As you are obviously new here, I have some suggestions to help us all help you:

When you post, please post your entire configuration including (but not limited to) your installation method (7.X.X?) and vicidial version with build (VERSION: 2.X-XXXx ... BUILD: #####-####).

This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "manual/from scratch" you must post your operating system with version (and the .iso version from which you installed your original operating system) plus a link to the installation instructions you used. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that technology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

3) Dialplan entries in Carrier settings are there for convenience. They are not "assigned" to those carriers by virtue of being in the same "Admin->Carrier" entry. The dialplan is shared among the entire Vicidial system in this location, with a few exceptions.

4) Security for inbound vs outbound is accomplished by having "context=trunkinbound" in the carrier's sip account entry. This value should be included in ALL carrier account entries (for inbound and outbound). To be clear: "context=" is ONLY used for inbound calls, thus ALL carrier account entries should include "context=trunkinbound" since all calls using this feature are Inbound calls. There is never a reason for a missing "context=" nor for a context={someothervalue} and this value is not something that can be required by the carrier themselves.

5) You did not share your sip account or dialplan entries. So we can't form an opinion on that basis.

6) You did not share any asterisk CLI output that might show a call from an inbound sip account passing to an outbound account. Once again, not a lot we can guess about regarding that.

So clue us in a bit and maybe we can help you out. You could also try including the Dynamic Good Guys (or some other) firewall in your system to be certain that Only Authorized IPs can access your system. If your system is configured to make connecting easy ... and not firewalled ... it's easy for *anyone* to connect.

8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)
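
One way to check point 4 of the post above across every carrier account entry, as an added example that is not part of the original post and is not Vicidial's own code. It assumes the account entries are available as chan_sip-style text; the section names and address in the sample are constructed.

```python
REQUIRED_CONTEXT = "trunkinbound"  # the value the post above calls for

# Constructed sample account entries (names and address are made up).
SAMPLE = """\
[DID_IN1]
type=peer
context=trunkinbound
[OUT_CARRIER]      ; no context= line at all
type=peer
host=192.0.2.20
[MIXED_CARRIER]
type=friend
Context = default  ; some other value
[LATE_OVERRIDE]
context=trunkinbound
context=from-internal  ; contradicts the line above
"""

def parse_entries(text):
    """Return {section: [(key, value), ...]} for each [section] block."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")].strip()
            entries.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            entries[current].append((key.strip().lower(), value.strip()))
    return entries

def audit_contexts(text, required=REQUIRED_CONTEXT):
    """Return {section: problem} for entries that break the rule."""
    findings = {}
    for name, pairs in parse_entries(text).items():
        if name.lower() == "general":  # global settings, not an account
            continue
        contexts = [v for k, v in pairs if k == "context"]
        bad = [c for c in contexts if c != required]
        if not contexts:
            findings[name] = "missing context="
        elif bad:
            findings[name] = "context=" + ",".join(bad)
    return findings

if __name__ == "__main__":
    for section, problem in audit_contexts(SAMPLE).items():
        print(f"{section}: {problem}")
```

An entry that repeats `context=` with conflicting values is reported as well, since the rule in the post leaves no room for a second value.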

Re: Outbound calls from inbound queue (hacked ?)

Postby macaruchi » Tue Apr 24, 2018 9:54 am

1)
Version: 2.14b0.5
SVN Version: 2858
DB Schema Version: 1524
ViciBox 7.0.4
12 Core 32Gb Ram Server

Account Entry
[DID_IN1]
username=xxxxx
secret=xxxx
type=peer
progressinband=never
port=5060
nat=force_rport
ignoresdpversion=yes
host= xxxxxxxx
dtmfmode=rfc2833
deny=xx
deny=xx
deny=xx
deny=xx
deny=xx
context=trunkinbound
canreinvite=no
insecure=port,invite
disallow=all
allow=ulaw
allow=alaw

Dialplan Entry
-nothing-
macaruchi
 
Posts: 138
Joined: Wed Sep 21, 2016 8:11 pm

Re: Outbound calls from inbound queue (hacked ?)

Postby williamconley » Tue Apr 24, 2018 10:55 am

You have this same information posted in two links. Pick one. Put all the information into it. Delete the other.
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

