This is the 4th and final edition of our blog series. Last time we highlighted our top 4 security tips in Don’t be that guy Vol.3. In this edition, we will see how you can monitor your PBX system closely and also highlight some stats we have gathered from some unfortunate real-world hacking instances.

Email alerts keep you updated

Email Notifications - Security

First, there are multiple important email notifications to help with monitoring in 3CX. They allow admins to get alerted when something unexpected happens related to calling or security features. It is good to tick these and ensure to have defined multiple admin email addresses by separating them with commas. Email event alerts can be found in “Settings” > “Email”.

The below table gives a brief description of what each event email is reporting against.

EVENT EMAIL TITLE DESCRIPTION
A trunk failover occurs or the max amount of calls available through trunk has been exceeded Indicating that the value defined in Trunk settings in field “Number of SIM Calls” has been exceeded
Trunk/Provider responds to Request with an Error code Indicating that calls are getting rejected for example by the provider
The license limit is reached Indicating that too many calls were placed simultaneously
An IP has been blacklisted Indicating that an IP has been blocked after repeatedly authenticating with incorrect credentials
Requests are rejected/blocked by the AntiHacking module because of a security breach Indicating that an IP has been blocked after sending too many requests (flood/DoS)
Call to a blocked country Indicating that a user has attempted to call an international number with a country code that was disallowed

Make use of the audit log

Second, the audit logs that were introduced in v18 should be enabled. They allow you to keep track of each change made on the PBX in the management console from the admin or from users with delegated admin rights. Each entry will include a timestamp, username, source IP, and details on the change made with values before/after.

You can enable it from the Dashboard, and should periodically review them looking for unusual actions. You can also export them in CSV format.

Real-world examples act as reminders

To conclude, let me now share some real-life statistics for your consideration. Our security team reviewed 255 successful PBX breaches over the course of the last 4 years. Sounds a lot? On the contrary.

If we consider a base of 600,000 installs currently active worldwide,
255 (breaches) /600,000 (installs) *100 = 0.04 % got hacked.

This can translate to 1 in every 2400 installations getting breached.
Or in other words, we can say that 99.96% of our customers' installations are secure and we are quite proud of this statistic!

Successful hack cases we reviewed, arranged by country

  1. United States (21%)
  2. United Kingdom (15%)
  3. France (13%)
  4. Germany (8%)
  5. Belgium (5%)

3CX Hack numbers by country

Total number of hack cases reviewed per year

3CX Hacks per year

As you can see, unfortunately, it’s a rising trend. 2021 saw exponential growth in hacking. The COVID pandemic and other global crises have been good for the hackers.

Concerned? We are here to help

If you have experienced call fraud, a PBX security breach, or have any security concerns please reach out by opening a support ticket in the Security and Fraud section.

For any data privacy concerns, you can also reach out to [email protected]

But please, now you have read our 4 part series with lots of hints and tips…

Don’t be “THAT” guy!

See also

Don’t be “THAT” Guy Vol.1: Keep Complex Credentials
Don’t be “THAT” Guy Vol.2: Call Fraud
Don’t be “THAT” Guy Vol.3: Top 4 Security Tips