Stolen my funds, asterisk or vicidial

Posted: Tue May 30, 2017 12:18 pm
by macaruchi
Hi!
This holiday weekend was not good for me. I left 200 USD in funds in my dialer and today everything is gone.
I am checking my dialer but I don't see any calls in my agent_log or calls made with any extension. I checked call_log and I saw a lot of calls made, and also the CDR of my provider.
I am trying to find where the leak could be but I don't find anything.

It seems like asterisk and not vicidial was hacked. I need ideas to solve this and what steps I can take.

I have calls of 3 hours and more. I changed all passwords; what else can I do?

Please, any help will be appreciated.

Re: Stolen my funds, asterisk or vicidial

Posted: Tue May 30, 2017 12:22 pm
by macaruchi
ViciBox 7.0.3
VERSION: 2.12-565a
BUILD: 160827-0917

One server

Re: Stolen my funds, asterisk or vicidial

Posted: Tue May 30, 2017 2:41 pm
by macaruchi
Question:
If I get the extension/pass by brute force, how can I use this extension to dial and make outbound calls?

It seems that was the intrusion, because in the call_log table all calls have one extension that I use.

Any clues?

Re: Stolen my funds, asterisk or vicidial

Posted: Tue May 30, 2017 7:49 pm
by mflorell
When this happens it's usually a SIP phone extension that is brute-force attacked. Check the conf file secret for your SIP phones. If you have the screenlog.0 files available from the time when the calls happened, you can look to see what extension was placing the calls.
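
Added example, not part of the reply above and not ViciDial code: one way to carry out the "check the conf file secret" step is to audit a sip.conf-style file for secrets that are easy to brute-force. The sample configuration, the `COMMON` word list, the 12-character threshold and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample in sip.conf syntax; not taken from the thread.
SAMPLE_CONF = """
[general]
[101]
secret=101
[102]
secret=test1234
[103]
secret=Xq7vR2mLp9TzWc4k  ; long random secret
[104]
host=dynamic
"""
COMMON = {"1234", "123456", "password", "test", "test1234", "admin"}  # illustrative

def parse_sections(conf_text):  # returns {section: {key: value}}
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit_sip_secrets(conf_text, min_len=12):
    """Return {peer: [reasons]} for peers whose secret is easy to guess."""
    peers, findings = parse_sections(conf_text), {}
    peers.pop("general", None)  # global settings, not a peer
    for name, opts in peers.items():
        secret = opts.get("secret")
        if secret is None:  # flag only peers that register from anywhere
            reasons = ["no secret set"] if opts.get("host") == "dynamic" else []
        else:
            checks = [(secret == name, "secret equals extension"),
                      (len(secret) < min_len, "shorter than %d characters" % min_len),
                      (secret.isdigit(), "digits only"),
                      (secret.lower() in COMMON, "common password")]
            reasons = [why for hit, why in checks if hit]
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for peer, reasons in audit_sip_secrets(SAMPLE_CONF).items():
        print(peer, "->", "; ".join(reasons))
```

To audit a real system, pass the text of the Asterisk SIP configuration file to `audit_sip_secrets` and replace every flagged secret with a long random one.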

Re: Stolen my funds, asterisk or vicidial

Posted: Tue May 30, 2017 8:31 pm
by macaruchi
How can I check screenlog.0?
I checked the call_log and I saw the extension, I think; anyway, I am changing all extensions. But for example, if I know one extension, how can I configure it to dial outbound calls?
I mean, when I log in to Zoiper I can't make any calls, so how can they use this extension to call any number?

This question is for general knowledge.

Re: Stolen my funds, asterisk or vicidial

Posted: Thu Jun 01, 2017 5:02 pm
by mattyou1985
2 things to stop attacks:

1. Only have IP authentication with your VoIP carrier.

2. IP lockdown your server. To do this, look for DGG ip lockdown; they're awesome.

This will solve the hacking problem.