export/backup 3cx company directory

Discussion in '3CX Phone System - General' started by PalestineCold, May 8, 2013.

Thread Status:
Not open for further replies.
  1. PalestineCold

    Joined:
    Feb 20, 2013
    Messages:
    26
    Likes Received:
    0
    Recently my 3cx phone system was hacked and nothing has worked correctly since. I need to know the location of the company directory so I can restore my contacts after I do a fresh reinstall of 3cx
     
  2. PalestineCold

    Joined:
    Feb 20, 2013
    Messages:
    26
    Likes Received:
    0
    Sorry, I got my terminology wrong. I need to export the company phone book
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,356
    Likes Received:
    224
    That's a bit worrying, was this an inside job, or from someone on the outside? If from the outside, can you elaborate on how they got in and what you've change to prevent this from happening again? I'm sure we've all seen signs of registration and direct SIP call attempts, and any insight into something we may have over looked would, I'm sure, be appreciated.

    Did you not have any 3CX backups, made prior to the hacking problem? The company phonebook should be in there. I'm not sure if it could be extracted, then, inserted into a new backup (made after a fresh install), then re-installed.

    One of the lessons many of us have learned the hard way, is to do a backup, on a regular basis, even if no major changes are made to the system. Even once a week, is better than nothing.
     
  4. PalestineCold

    Joined:
    Feb 20, 2013
    Messages:
    26
    Likes Received:
    0
    it appears that they guessed the password for an extension and used it to make international calls. I changed passwords and user account id's and then reprovisioned the phones. after that, the extensions, the patton gateway, and our voip provider would all unregister after about 20 minutes and they wouldn't re register until i restarted all the services. I tried restoring from a back up and had similiar results. I doubt it would be an inside job since we only have 10 employees and most don't even have a computer at home, much less an ip phone. it was my fault for using a weak password in the first place but it was on a new extension that I was trouble shooting and I was tired of reentering a long pasword everytime
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,356
    Likes Received:
    224
    So, even restoring a backup from before "the event", and provisioning the sets to the original settings, you are still having an issue?

    There may be something else happening.

    If you run out of ideas...well, this is what i would do, restore the system to a previous backup. Confirm that everything is working. It should be as long as there is no hardware issue preventing this. Then re-configure the security/password on only one or two sets. Leave it or a while and see if there are any more registration problems. If not, then carry on with the rest. You might want to change your outbound rules so that access to international calls requires an uncommon prefix/access code while you are doing all of this. You might want to consider extending that rule if international calls do not make up a large part of your "normal" calling pattern.

    I've seen a number of direct SIP call (hack) attempts, sending numbers like 9001XXXXX or 00XXXXXXXX, but you probably won't see 23300XXXXXXXXX.
     
  6. PalestineCold

    Joined:
    Feb 20, 2013
    Messages:
    26
    Likes Received:
    0
    thanks for the suggestions. Ill try restoring to an earlier time and see how that works out
     
  7. farsight

    Joined:
    Sep 28, 2009
    Messages:
    43
    Likes Received:
    0
    I believe that you will find all 3CX data under: C:\programdata\3cx\.

    The 3CX backup is a zip file. Open it up and you should have access to everything without doing the restore.
     
Thread Status:
Not open for further replies.