• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Hacked! International calls

Status
Not open for further replies.

online8

Free User
Intermediate Cert.
Joined
Jun 20, 2016
Messages
13
Reaction score
1
My 3CX system was hacked today and used to make international calls! I don't know what pees me off more:

1. I was hacked
2. They ran up a bill of over $150!
3. 3CX was set to not allow international calls but they still made the calls!!

How is this possible????
 
Hello @online8

I would recommend creating a ticket regarding this with our support department so they can look into the logs of the PBX and try to determine what cause. Please do not restart the machine or the 3CX services as this will erase the logs.
 
Well it depends on the hack. If they got your admin password they could have easily enabled international calling. For future reference, always depend on layered security. You should always have international calling disabled at the provider level as well if not needed.
 
Indeed. "Hacked!" is very vague.What exactly happened? How did they get in to begin with? Weak authentication password?
 
Did they somehow register an extension (guess the password?), or was this a Direct SIP call attack?
 
  • Like
Reactions: nub
I changed my sip provider to NetSIP recently. NetSIP emailed me to say that there was fraudulant calls on my account. They said that as it came from my phone sytstem that it is not their fault but they will insist on me paying the bill. Funny how this never happened in the last 18months with another carrier. I was under the impression that when signing up to NetSIP that international calls were not allowed unless you requested to have them unblocked. I've tried to log a ticket with 3CX as my international destinations were all turned off but when i logged into the helpdesk it said that my account does not have any support (I use an NFR license).
 
If they have, or have given you access to, the records for when the calls occurred, you may be able to go back in the Activity Logs, or even call logs, and see if they actually passed through 3CX. If you specified that certain calls (international, or those over a certain cost), were to be blocked by the provider, and you have a record that this was so, then the onus should be on the provider to explain why this did not happen.

If you cannot find a record in 3CX, of the calls originating, then it would suggest that someone was placing calls directly to the provider, which would means that they possess your provider user name and password. If that were that case, your provider may have a record of the IP(s) that placed the calls.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,627
Messages
748,911
Members
144,738
Latest member
Ghisl1
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.