Hacked, rogue PJSIP extension created

spammie · October 20, 2018, 5:27pm

Hi all,

My 13.0.195.4 was hacked yesterday. The hackers created a PJSIP account that I can’t seem to delete from the GUI. I was able to change the password, and of course, I’ve updated all the modules.

What might cause an extension to be un-deletable?

I’ve got backups of the evening prior to the hack, and last night after the hack, but before the framework/module upgrades. Any idea how to identify how they got in?

Thanks.

Spammie

arielgrin · October 21, 2018, 12:29am

Are you sure it is not the default anonymous pjsip entity?

tm1000 · October 21, 2018, 1:25am

Send the backups to [email protected]
Anything else is pure speculation.

system · October 28, 2018, 1:25am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.