Got Hacked... Now What?

mahables

Ok guys... (hangs head low) I got hacked... looks like someone set up some kind of auto dialer on my system. I deleted the extension it was using. That seemed to prevent any further calls from succeeding. I also closed the public ssh port. I'm pretty sure whoever is behind this can't do anything more at this point. But the system keeps trying to make calls out over the extension that I deleted. How can I stop this?
 
I would first look in the /var/spool/asterisk/outgoing and delete any call files that may be there.

That should do it.
 
Try Ward's security primer
http://nerdvittles.com/?p=580

It's all great info!!! However, the item I GREATLY encourage is the pay as you go. With your VOIP provider, do NOT use the auto replenishment; always use the pay as you go plan. That way, theoretically, you can only lose up to what you have deposited; for me it's never more than $15.00.
 
I would first look in the /var/spool/asterisk/outgoing and delete any call files that may be there.

That should do it.

I didn't find any call files. I don't really know how they were initiating the calls, but as soon as I closed the sip and rtp ports, the calls stopped.
 
In the freepbx gui, use the permit/deny fields for every extension in your system to lock them to your local LAN or remote extension IP. Also, if it's an option on your firewall and you don't use remote extensions, designate port forwarding only from your ITSP's IP.

I've come to appreciate IAX more and more. If your ITSP supports IAX and you don't need remote SIP extensions, you could drop SIP outside your LAN and close off the SIP & RTP ports. Aside from that, follow Ward's security primer, and make sure fail2ban is enabled and that you use secure passwords.
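
The permit/deny advice in the thread can be checked across all extensions at once. The script below is an added example, not code from any poster: it parses Asterisk `sip.conf`-style sections and reports extensions that are not locked to specific addresses. The sample configuration is constructed, the function names are hypothetical, and the check is a simplification that only looks for a deny-all rule and flags any permit that covers every address.

```python
import ipaddress

# Constructed sample in Asterisk sip.conf syntax; extensions and addresses are made up.
SAMPLE_CONF = """\
[general]
bindport=5060
[101]
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
[102]
deny=0.0.0.0/0.0.0.0
permit=0.0.0.0/0.0.0.0   ; deny-all is undone by permit-all
[103]
secret=placeholder       ; no ACL lines at all
"""

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections[current] = []
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def is_any(value):
    """True if an ACL value covers every IPv4 address (prefix length 0)."""
    return ipaddress.ip_network(value, strict=False).prefixlen == 0

def unrestricted_peers(text):
    """Map peer name -> reason, for peers not locked to specific addresses."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if name == "general":
            continue
        denies = [v for k, v in opts if k == "deny"]
        permits = [v for k, v in opts if k == "permit"]
        if not any(is_any(v) for v in denies):
            findings[name] = "no deny-all rule"
        elif any(is_any(v) for v in permits):
            findings[name] = "permits every address"
    return findings

if __name__ == "__main__":
    for peer, reason in unrestricted_peers(SAMPLE_CONF).items():
        print(f"{peer}: {reason}")
```

To audit a live system, pass the contents of the SIP configuration file that holds the extension definitions to `unrestricted_peers()` instead of `SAMPLE_CONF`.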
 
