I followed this Wiki page to configure my Obi110 as an ATA for FreePBX:
That page doesn’t appear to secure against people coming in on the Obi-to-Obi number. I believe someone came in through this a couple of times last night to my FreePBX to sniff around. They didn’t come in over my DID, and the Obi-to-Obi number is the only way I can imagine they could have come in.
Can someone add instructions to close down the Obi-to-Obi calling method to the above Wiki page, plus detail them here?
Voice Services -> OBiTALK Service -> Enable (unchecked).
However, IMO that’s a very unlikely attack vector. Do your CDRs show calls from the OBi’s extension?
Yes. From the OBI’s extension, and not from my one and only DID or any other extensions. I already mostly concluded that turning off ObiTalk was the correct thing to do and did so + rebooted the device this morning. I don’t have edit privileges on the Wiki near as I can tell, so can’t add that info to the page.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.