Have I been hacked [̲̅$̲̅(̲̅1οο̲̅)̲̅$̲̅]

Hosted in: CyberLink

PBX Firmware: 6.12.65-32
PBX Service Pack: 1.0.0.0

I’m not sure how, but I think one of my sites has been compromised.

These are the active connections, all of them from trusted sources

This is a CDR sample

It isn’t normal to have these unwanted calls, any advice?

Should I just erase and reinstall this server?

Thanks for any tip :rotating_light:

I don’t think these are big problems, but there are lots of details we don’t have.

  1. Check the logs (/var/log/asterisk/full) and see what the actual call path was.
  2. Check and make sure you don’t have Anonymous phones enabled.
  3. Check your firewall settings. You should only allow remote connections to the server (especially on your SIP port) to known good addresses. The obvious players there are your ITSP, your remote office phones, etc.
  4. 6.12 is pretty old - you might want to consider an update to a newer version, especially if you aren’t running some kind of firewall.

Both of your examples terminated in “congestion”, which means the number that was called is not a valid number for your outbound calling rules. The fact that there were 11 of them at about the same time simply means that someone tried to screw you over and probably failed. Keep looking and tighten up your access controls - you’re probably still safe.

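As an added example (not part of the original thread), here is one way to scan a CDR export for the pattern discussed above: many calls from one peer ending in "congestion" within a short time. It assumes the CDR is in Asterisk's `cdr_csv` (`Master.csv`) column layout; the sample rows, peer names, numbers, window and threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Column order of Asterisk's cdr_csv Master.csv (the file has no header row).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags", "uniqueid"]
REJECTED = {"CONGESTION", "FAILED"}

def find_bursts(cdr_text, window=timedelta(minutes=5), threshold=5):
    """Return {peer: [(start, dst), ...]} for peers with >= threshold rejected calls in one window."""
    by_peer = defaultdict(list)
    for row in csv.reader(io.StringIO(cdr_text)):
        rec = dict(zip(FIELDS, row))
        if rec.get("disposition") not in REJECTED:
            continue
        # "SIP/1001-0000002a" -> "SIP/1001": group by originating peer, not per call.
        peer = rec["channel"].rsplit("-", 1)[0]
        start = datetime.strptime(rec["start"], "%Y-%m-%d %H:%M:%S")
        by_peer[peer].append((start, rec["dst"]))
    bursts = {}
    for peer, calls in by_peer.items():
        calls.sort()
        lo, best = 0, []
        for hi in range(len(calls)):  # sliding window over sorted start times
            while calls[hi][0] - calls[lo][0] > window:
                lo += 1
            if hi - lo + 1 > len(best):
                best = calls[lo:hi + 1]
        if len(best) >= threshold:
            bursts[peer] = best
    return bursts

def _row(channel, dst, start, disp):
    # Constructed sample record in Master.csv layout (not real call data).
    return (f'"","1001","{dst}","from-internal","1001","{channel}","","Dial","",'
            f'"{start}","","{start}",0,0,"{disp}","DOCUMENTATION","0.0"')

SAMPLE = "\n".join(
    [_row("SIP/1001-%08x" % i, "0115550%03d" % i,
          "2019-03-02 03:14:%02d" % (i * 4), "CONGESTION") for i in range(11)]
    + [_row("SIP/1002-0000000b", "200", "2019-03-02 09:00:00", "ANSWERED"),
       _row("SIP/1002-0000000c", "0115550999", "2019-03-02 09:30:00", "CONGESTION")])

if __name__ == "__main__":
    for peer, calls in find_bursts(SAMPLE).items():
        print(peer, len(calls), "rejected calls from", calls[0][0], "to", calls[-1][0])
```

A peer reported here is the extension or trunk to look up in `/var/log/asterisk/full` and to compare against the firewall's allowed addresses.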