I have been hacked!

[jmullinix]

Actually, I wasn't hacked, but one of the boxes I am peered with was. I was peered with that box using an IAX trunk with from-internal context rather than Dundi. I guess the hacker discovered that route and sent over 6000 calls totalling over 4000 minutes in 2 1/2 hours yesterday morning. I was notified when the a really nice lady from the Texas Department of Transportation called me and asked why I was calling repeatedly. I was out of the office and had my wife kill the router until I could get back.

Fortunately, I only use prepaid VOIP long distance carriers and it appears to have only cost me about $10.00.

I am posting this for several reasons. First to illustrate that it can happen. Second to illustrate that giving from-internal privileges to very trusted friends can cause problems for you. Finally, if I had been peered with him using Dundi, the hack would have not affected my server since the numbers being dialed were not numbers that I advertise routes for. Even if I had a Dundi route for the numbers advertised, the hacker would have been limited to one call at a time rather than the 26 calls per minute rate they were using.

The moral is that we need to peer with Dundi.

Update:

I spoke with my buddy whom I originally thought had been hacked. The calls did not come from his server, but the hacker used his credentials to get into mine. I went into /var/log/asterisk/full.1, which is yesterdays asterisk log, pulled a copy to my machine and found an IP address. I have notified the ISP but have had no official response. If I haven't had a response by morning, I will file a report with my police department. While damages were limited, the impact of this is tremendous.

 

[jehowe]

Sorry to hear that John, but at least the damages were limited. Was the IAX trunk compromised through a discovered host/secret or some other method?

From here on out, I'll only peer using Dundi! Thanks for the lesson.

 

[wardmundy]

I'm sorry you got hacked, but I'm also glad. John was one of a handful of folks testing our new VoIP service, and a hundred or so of John's calls were routed through that service within a couple minutes. It demonstrated more weaknesses in our hosting provider's service than I care to mention. It convinced us that we needed to look elsewhere for hosting.

As luck would have it, our very own Joe Roper has been doing this for almost a decade. With the assistance of Joe's A2Billing platform, we hope to offer several levels of telephony service in Europe and in the U.S. within the coming weeks.

For those (like me) that want cheapo service at the expense of sometimes iffy call quality, we'll have a cheapo service. And for those that want rock-solid, business class service, we'll have that, too.

 

[jroper]

Hi

Not just an A2Billing platform, but the whole lot is going to be built on a the basis of PBX in a Flash - with some relatively small modifications, so we can show you how scalable PiaF can really be.

I would expect to have the service running in days, not weeks.

I have specifically designed it for PBX in a Flash and our particular needs and requirements, compared to other providers who have to be all things to all people.

Joe

 

[jmullinix]

I have updated the original post.

 

[jmullinix]

It turn out the credentials were purloined. The calls did not come through my buddy's server.

 

[jmullinix]

Ward,

When you are ready to test your new service, count me in. From what I could tell, the existing one had good sound quality, it passed the WAT (wife approval test) and worked everytime I used it.

If you want, just move my balance when you are ready and let me know. I will re-enable that trunk and stress test the new one for you