Stolen my funds, asterisk or vicidial

Post by macaruchi » Tue May 30, 2017 12:18 pm

Hi!
This holiday weekend was not good for me. I left 200 USD in funds in my dialer and today everything is gone.
I am checking my dialer but I don't see any calls in my agent_log or calls made with any extension. I checked call_log and I saw a lot of calls made, and the CDR of my provider.
I am trying to find where the leak could be but I can't find anything.

It seems like Asterisk and not Vicidial was hacked. I need ideas to solve this and what steps I can take.

I have calls of 3 hours and more. I changed all passwords; what else can I do?

Please, any help will be appreciated.
*------------------
ViciBox 7.0.4 | Version:2.14-704a | SVN Version: 3078| DB Schema Version:1566| BUILD: 190312-0928 | 2 Processors 8 Core | 32 GB Ram | 1 Tera HD
macaruchi
 
Posts: 131
Joined: Wed Sep 21, 2016 8:11 pm

Re: Stolen my funds, asterisk or vicidial

Post by macaruchi » Tue May 30, 2017 12:22 pm

ViciBox 7.0.3
VERSION: 2.12-565a
BUILD: 160827-0917

One server
macaruchi
 
Posts: 131
Joined: Wed Sep 21, 2016 8:11 pm

Re: Stolen my funds, asterisk or vicidial

Post by macaruchi » Tue May 30, 2017 2:41 pm

Question:
If I get the extension/pass by brute force, how can I use this extension to dial and make outbound calls?

It seems that was the intrusion, because in the call_log table all calls have one extension that I use.

Any clues?
macaruchi
 
Posts: 131
Joined: Wed Sep 21, 2016 8:11 pm

Re: Stolen my funds, asterisk or vicidial

Post by mflorell » Tue May 30, 2017 7:49 pm

When this happens it's usually a SIP phone extension that is brute-force attacked. Check the conf file secret for your SIP phones. If you have the screenlog.0 files available from the time when the calls happened, you can look to see what extension was placing the calls.
mflorell
Site Admin
 
Posts: 18335
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida
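
The check described in the reply above (reviewing the secret configured for each SIP phone) can be scripted. This is an added example, not part of the thread and not VICIdial or Asterisk code; the sample configuration, its extensions and secrets, and the 12-character threshold are constructed assumptions.

```python
import re

# Constructed sip.conf-style sample; extensions and secrets are made up.
SAMPLE_CONF = """\
[general]
bindport=5060
[101]
secret=101
host=dynamic
[102]
secret=test1234 ; inline comment
host=dynamic
[103]
secret=Vq7mT2xLr9pKd4Zs
host=dynamic
[104]
host=dynamic
"""
MIN_LENGTH = 12  # assumed policy threshold, not a value from the thread

def parse_peers(text):
    """Return {section: {key: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        match = re.match(r"\[([^\]]+)\]", line)
        if match:
            name = match.group(1)
            current = None if name == "general" else peers.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers

def audit(text):
    """Return {extension: [reasons]} for peers whose secret is easy to guess."""
    findings = {}
    for name, opts in parse_peers(text).items():
        secret = opts.get("secret", "")
        checks = [
            (not secret, "no secret set"),
            (secret == name, "secret equals extension"),
            (0 < len(secret) < MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
            (secret.isdigit(), "digits only"),
        ]
        reasons = [msg for failed, msg in checks if failed]
        if reasons:
            findings[name] = reasons
    return findings
```

Call `audit()` on the text of a copy of the phone configuration file; a secret that itself contains `;` would be cut short by the comment handling here.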

Re: Stolen my funds, asterisk or vicidial

Post by macaruchi » Tue May 30, 2017 8:31 pm

How can I check screenlog.0?
I checked the call_log and I saw the extension, I think; anyway, I am changing all extensions. But for example, if I know one extension, how can I configure it to dial outbound calls?
I mean, when I log in to Zoiper I can't make any calls, so how can they use this extension to call any number?

This question is for general knowledge.
macaruchi
 
Posts: 131
Joined: Wed Sep 21, 2016 8:11 pm

Re: Stolen my funds, asterisk or vicidial

Post by mattyou1985 » Thu Jun 01, 2017 5:02 pm

2 things to stop attacks:

1. Only have IP authentication with your VoIP carrier.

2. IP lockdown your server. To do this, look for DGG IP lockdown; they're awesome.

This will solve the hacking problem.
mattyou1985
 
Posts: 111
Joined: Tue Apr 19, 2016 3:30 pm

