VOIP Setup HACKED??!?

ackerchez

Hey All,

I have a Polycom SoundPoint 331 unit at home attached to a MyPBX SOHO PBX. One day I was looking through the logs and I saw that on one day, every 30 seconds or so, there were phone calls made to various countries around the world, all coming from the Polycom phone extension, and the phone company wants to charge me a ton.

Obviously these calls are the result of either the MyPBX SOHO being hacked or the Polycom IP phone being hacked, and I am unsure of which one. Obviously there must have been some kind of intrusion into the PBX because the outbound calls were using the correct routes for outbound calling.

Any idea on how to keep these items secure? How can I prevent this from happening again?
 
Hello
This is common in Asterisk-based PBXs, especially if you're connecting calls to your provider over the internet.
These couple of links are for clients connecting to the OTEL network, but see how they can help you; it should be similar.
http://billing.otelafrica.com/knowledgebase.php?action=displayarticle&id=84
http://billing.otelafrica.com/knowledgebase.php?action=displayarticle&id=85
http://billing.otelafrica.com/knowledgebase.php?action=displayarticle&id=86

Hope it helps! :)

PS. Ideally, you should be locking your IP to the provider's SIP account. However, you need a leased line for this, which is deployed with a fixed IP. ADSL has no fixed IPs.

M
 
I see that the MY PBX SOHO has something for my SIP lines that will only allow them to register the extension if they are residing within a set IP address and subnet mask. I was thinking that if I set this to my internal network address and subnet then that should help secure things... no?
 
Your system was not hacked; the intruder is good at guessing.
1. NEVER mount your system to the internet directly - if you really need to access it, use a VPN
2. Make sure that you choose strong passwords for your IP devices and admin details
3. Disable SSH access

Did you leave your SIP password as the Yeastar default, "pincode" and the extension number?

I guess you had your system mounted to the internet either directly or via DynDNS or ports forwarded to your MyPBX, so if I was a "hacker" I would use my softphone and enter extension 500 and pincode500 to see if it registers; if it does I will make a call, if not, go down the list. The guys phone premium-rated numbers that simply answer and put the call in a conference room.
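
Added example, not part of any post in this thread and not Yeastar or Polycom code: the pattern from the first post (one extension placing international calls every 30 seconds or so) can be flagged from call records with a per-extension sliding-window count. The CSV columns, the `00`/`+` international prefix, the thresholds and every sample row are constructed assumptions, not the MyPBX log format.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample CDR export (hypothetical columns, not the MyPBX format).
SAMPLE_CDR = """start,extension,destination
2012-10-17 02:00:00,500,0099100000001
2012-10-17 02:00:30,500,0099200000002
2012-10-17 02:01:00,500,0099300000003
2012-10-17 02:01:30,500,0099400000004
2012-10-17 02:02:00,500,0099500000005
2012-10-17 09:15:00,501,0215550100
2012-10-17 09:40:00,501,0099100000009
2012-10-17 13:05:00,501,0825550101
"""

INTL_PREFIXES = ("00", "+")  # assumption: how international numbers are dialled


def find_bursts(cdr_text, max_calls=4, window=timedelta(minutes=5)):
    """Return {extension: (window_start, peak_count)} for every extension that
    placed more than max_calls international calls inside one sliding window."""
    recent = defaultdict(deque)  # extension -> call start times still in window
    alerts = {}
    # ISO-style timestamps sort correctly as strings.
    rows = sorted(csv.DictReader(io.StringIO(cdr_text)),
                  key=lambda r: r["start"])
    for row in rows:
        if not row["destination"].startswith(INTL_PREFIXES):
            continue  # local and national calls are not counted
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        calls = recent[row["extension"]]
        calls.append(ts)
        # Drop calls that have aged out of the sliding window.
        while ts - calls[0] > window:
            calls.popleft()
        if len(calls) > max_calls:
            first, peak = alerts.get(row["extension"], (calls[0], 0))
            alerts[row["extension"]] = (first, max(peak, len(calls)))
    return alerts


if __name__ == "__main__":
    for ext, (first, count) in find_bursts(SAMPLE_CDR).items():
        print(f"extension {ext}: {count} international calls "
              f"inside one window, starting {first}")
```

Extension 501's single international call stays below the threshold, so only the burst from extension 500 is reported.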
 