Solved 3CX PBX - Unsure what is wrong

Discussion in '3CX Phone System - General' started by earnie panneflek, Dec 16, 2016.

Thread Status:
Not open for further replies.
  1. earnie panneflek

    Joined:
    Dec 16, 2016
    Messages:
    2
    Likes Received:
    0
    Hi All,

    I just recently installed a 3CX PBX server at home. I created a few extensions and was able to call my extensions from inside and outside my home network through the PBX server. So my FQDN is working fine and I did my homework in forwarding my ports accordingly. Next, I bought a subscription and DID number from Flowroute. I configured my SIP trunk and the inbound and outbound rules as instructed by 3CX. Everything worked fine for the first day and I was able to send and receive calls coming from my DID number... this all till disaster struck :-(

    I suddenly began receiving a lot of incoming calls from numbers I did not know. When answering these calls, the persons on the other side were telling me that they received a missed call from my DID number. I was surprised and afraid my subscription amount would end up because of somebody using it. So I decided to shut down the server until further notice. I don't know what to do. Could someone help me with this, or could you perhaps point me in a direction as to what is happening to me?

    Thnx
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,872
    Likes Received:
    306
    There are a number of settings that can reduce the chance of someone actually placing a call through the PBX. There are also some settings to let you know, by email, when an attempt is blocked. You can also go back through the 3CX activity logs to see all records of calls made, if they did manage to get through using one of your trunks.
    As long as you don't have an easy to guess password for the extensions you have created, then it would be very difficult for someone to register an extension. Some hackers try to place direct SIP calls (this can be disabled but may affect other things) to the PBX in the hopes they will go through. There is also the possibility that someone else is spoofing your DID number and calling these people.

    Some of these links are old and deal with previous versions of 3CX, but still worth a read.

    http://www.3cx.com/blog/docs/allow-deny-ip-addresses/
    http://www.3cx.com/blog/voip-howto/securing-hints/
    http://www.3cx.com/blog/pbx/ip-pbx-security/
    http://www.3cx.com/3cxacademy/videos/advanced/security-with-3cx-phone-system/
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,872
    Likes Received:
    306
    It might be an idea to ask your provider (or check your account) to see if there is a sign of unauthorised activity. It might be possible for someone to have obtained the credentials you use to register your SIP trunks.
     
  4. deanril@yahoo.com

    Joined:
    Oct 27, 2016
    Messages:
    51
    Likes Received:
    1
    You need to run a secure firewall, not the PBX as DMZ. That means you only let Flowroute IPs come into your PBX.
     
  5. cobaltit

    cobaltit Well-Known Member

    Joined:
    Mar 22, 2012
    Messages:
    1,203
    Likes Received:
    188
    I haven't actually seen any proof of a hack here. I see the assumption you were hacked because people say they received calls showing your caller-id but no actual logs in 3CX or charges from your provider that the calls actually originated from you. So provided you didn't go back and dumb down the passwords for the extensions I'm going to assume you were not hacked, but rather you happened to get a 'dirty' number that someone is spoofing.
     
  6. earnie panneflek

    Joined:
    Dec 16, 2016
    Messages:
    2
    Likes Received:
    0
    SOLVED IT!!!
    Working with the great support team at Flowroute, they discovered that the DID number I had was still being used by its previous owner.
    This is what I got for an answer:
    "I’ve looked into the logging and found that the previous owner of that number, another Flowroute customer, still has it set as their outbound caller ID. I’ve reached out to our other customer and instructed him to update his PBX. If you would prefer not to wait for them to resolve the problem, I can credit your account for the purchase of a new DID and you can release 191****** back to the number pool."

    I wanted to thank you guys for the quick response. Thanks a lot :)
     