Thousands of minutes of unknown calls


Postby irodel_ini » Thu Aug 02, 2018 5:59 pm

Hi support,

Just want to ask about thousands of minutes of unknown calls. All of a sudden our monthly VoIP bill became 66K minutes, whereas our average monthly bill is less than 10K minutes. When we checked, we found an unknown destination number "17127755736" that has calls of more than 4K seconds; a lot of destination numbers that start with "1712775xxxx" have a high number of seconds. But when we try to search for that number in the Vicidial admin, it doesn't exist in the system or in our leads, although the numbers are in the cdr table. Can you help me understand why and how this happened, what the possible causes are, and how to prevent it from happening again? Thank you.

VICIDIAL VERSION: 2.14-644a
BUILD: 171130-0036
Asterisk Version: 11.25.3-vici
irodel_ini
 
Posts: 15
Joined: Mon Jun 25, 2018 8:36 pm

Re: Thousands of minutes of unknown calls

Postby irodel_ini » Thu Aug 02, 2018 6:02 pm

By the way, most of the calls' caller IDs in the cdr table came from our 102 SIP extension. Thank you.

Re: Thousands of minutes of unknown calls

Postby thephaseusa » Fri Aug 03, 2018 3:47 am

You didn't use extension 102, login password 102, registration password 102, did you?

Are you using a firewall?

http://viciwiki.com/index.php/DGG

VoIP minutes are the first thing hackers try to attack on a Vicidial computer. I’m very sorry, but it sounds like they discovered your SIP extension 102 login and maybe other extensions and used them to steal your VoIP minutes. Unplug from the internet, change your phone extension passwords, system passwords, set up a whitelist firewall (DGG), connect back to the internet, confirm that your firewall is dropping connections from non-whitelisted IP addresses.

journalctl -f -k

Please post back and let us know if you need assistance.
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm
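
One way to triage the cdr table for the pattern described in this thread (calls to destinations that are not in the leads, concentrated on one extension and one number prefix). This is an added example, not code from any poster or from Vicidial; the field names `src`, `dst` and `billsec` follow Asterisk's standard cdr table, while the sample rows, lead numbers, prefix length and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows shaped like Asterisk's cdr table (src, dst, billsec).
# Values are illustrative; only the 1712775 prefix is taken from the thread.
SAMPLE_CDR = [
    {"src": "102", "dst": "17127755736", "billsec": 4100},
    {"src": "102", "dst": "17127750001", "billsec": 3900},
    {"src": "102", "dst": "17127750002", "billsec": 3600},
    {"src": "8600051", "dst": "13055550100", "billsec": 180},
    {"src": "8600052", "dst": "13055550101", "billsec": 95},
    {"src": "102", "dst": "13055550100", "billsec": 60},
]
KNOWN_LEADS = {"13055550100", "13055550101"}  # constructed lead phone numbers


def normalize(number):
    """Keep digits only and drop a leading US '1' so CDR and lead formats compare."""
    digits = "".join(ch for ch in str(number) if ch.isdigit())
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits


def unknown_call_report(cdr_rows, lead_numbers, prefix_len=6, min_billsec=600):
    """Sum billed seconds for non-lead destinations per (src, destination prefix)."""
    leads = {normalize(n) for n in lead_numbers}
    groups = defaultdict(lambda: {"billsec": 0, "calls": 0, "dsts": set()})
    for row in cdr_rows:
        dst = normalize(row["dst"])
        if not dst or dst in leads:
            continue  # destination is one the dialer was supposed to call
        g = groups[(row["src"], dst[:prefix_len])]
        g["billsec"] += int(row["billsec"])
        g["calls"] += 1
        g["dsts"].add(dst)
    report = [
        {"src": src, "prefix": prefix, "billsec": g["billsec"],
         "calls": g["calls"], "distinct_dsts": len(g["dsts"])}
        for (src, prefix), g in groups.items()
        if g["billsec"] >= min_billsec  # assumed threshold; tune to normal usage
    ]
    # Largest consumers first: these are the extensions to re-credential first.
    return sorted(report, key=lambda r: r["billsec"], reverse=True)


if __name__ == "__main__":
    for line in unknown_call_report(SAMPLE_CDR, KNOWN_LEADS):
        print(line)
```

A single extension appearing with many distinct non-lead destinations under one prefix is the signal to rotate that extension's credentials and review which source IPs registered it.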

Re: Thousands of minutes of unknown calls

Postby irodel_ini » Fri Aug 03, 2018 5:55 pm

Thank you for your reply and suggestions. I did not use the extension 102. I don't have a firewall either. Can I ask what this command "journalctl -f -k" is for?

Re: Thousands of minutes of unknown calls

Postby williamconley » Fri Aug 03, 2018 6:17 pm

irodel_ini wrote: Thank you for your reply and suggestions. I did not use the extension 102. I don't have a firewall either. Can I ask what this command "journalctl -f -k" is for?

I bet this will help you: http://bfy.tw/JG4K

Also note that while the DGG link before is useful to install the DGG firewall ... it begins with instructions on how to Whitelist your server (without installing anything!). So start with the whitelist, immediately. Reboot after you've got the whitelist configuration done to lock out anyone who already has a connection. Then decide whether to complete the DGG install (which is really just an add-on to make whitelisting of IPs easier!).

And from this moment forward: Never put a PBX / Dialer online without whitelisting it.

If you require assistance with the installation: http://catalog.poundteam.com/product_in ... cts_id=687
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Thousands of minutes of unknown calls

Postby irodel_ini » Fri Aug 03, 2018 6:31 pm

Thank you so much for your help. Is this applicable and OK even if our server is in the cloud? Meaning I don't have the physical server at my place.

Re: Thousands of minutes of unknown calls

Postby williamconley » Fri Aug 03, 2018 6:42 pm

The server can be virtual, physical, at your location or at some other location. There is no Cloud.

But to answer your question: None of those is relevant. It's a device with internet access and it's been accessed as such. Because the firewall wasn't whitelisted.

Re: Thousands of minutes of unknown calls

Postby teleinx » Tue Aug 14, 2018 10:33 pm

It's rare to see this type of fraud to a destination in the US. It's more frequent with international destinations. Just a sobering reminder that you need to lock down and secure your equipment!
VoIP carrier specializing in vici dial.
Outbound VoIP Termination | Inbound VoIP Origination | Carrier Data Services
Website: http://www.teleinx.com
skype: teleinx inc
teleinx
 
Posts: 55
Joined: Fri Apr 08, 2016 7:44 pm
Location: Miami, FL

