Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Calls to and from unused extensions - cause for concern?

Discussion in '3CX Phone System - General' started by Monomix, Jun 26, 2017.

Thread Status:
Not open for further replies.
  1. Monomix

    Joined:
    Jun 26, 2017
    Messages:
    1
    Likes Received:
    0
    Our 3CX server (version 14) was hacked last weekend; we were notified by our SIP trunk provider that someone had managed to externally register on one of the extensions and make outgoing calls to the Seychelles. Luckily, this was flagged by our provider and outgoing traffic blocked, so we're only a few bucks down.

    We upgraded to 15.5, and are back up and running again. The new mangement interface is extremely sexy.

    However, we're still seeing some things that don't quite smell right: calls to and from unused extensions (most often extension 1), and "test". I couldn't find any info on the "test" extension. Are there known instances of something like this happening?

    Currently, we're in the process of setting up secure SIP, have enabled logging of SIP packets on our firewall, and have enabled CDR logging on the 3CX server. Any other tips to get to the bottom of the issue are much appreciated.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,079
    Likes Received:
    324
    What sort of passwords have you been using? The default 3CX generated passwords for extensions are a seemingly random mix of characters and would not easily be guessed by a hacker. There are also a number of anti-hacking settings that will disallow registration using the wrong password for a given time, this time can be increased, and should be, and you can be notified by email when this occurs keeping you on top of things.
     
Thread Status:
Not open for further replies.