Hack Attempt ??

Discussion in '3CX Phone System - General' started by craigreilly, May 12, 2012.

Thread Status:
Not open for further replies.
  1. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,969
    Likes Received:
    182
    IP 66.xxx.xxx.105 is my public address for my Citrix Server
    IP 66.xxx.xxx.104 is my public address for my Crystal Report Server
    Is someone just fishing hoping to be able to make a call thru my system?
    What is the 58441576017827@66.xxx.xxx.105?
    These are the only 2 entries since I left last night. So they gave up when the IP got blacklisted.

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,367
    Likes Received:
    228
    They are attempting direct SIP calls. I see that once in a while. They will try different combinations of numbers...9011XXXX, 011XXXXX, 0XXXXX, etc. One in particular ties out a different range of UK numbers.

    You can, and probably should increase your blacklist time to something above 334 seconds, I use 200,000. And you can include the IP range 80.172.0.0 (use a subnet mask of 255.255.0.0) in the IP blacklist, unless you expect someone from that range to contact you.

    In some cases, they will come back around later using a slightly different IP, or you may never see that one again.
     
  3. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,969
    Likes Received:
    182
    Thanks for the suggestions .
    We are sticking with our pstn lines until our contract is up but will have 2 home users.
    It would be nice to deny all except certain ips...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,367
    Likes Received:
    228
    You mean something , like, oh, I don't know...an IP whitelist, maybe?

    http://3cx.ideascale.com/a/dtd/Add-a-whitelisted-IP-list-next-to-blacklisted-IP-list/335122-9854
     
  5. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,969
    Likes Received:
    182
    7 votes won't get this implemented very quickly.... ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,367
    Likes Received:
    228
    Exactly...although, there are a number of similar suggestions.
     
  7. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    2,969
    Likes Received:
    182
    Is this the 3rd item in the Anti-Hacking Tab of Security? Mine is at 1800. I have no idea why 3cx responded with 334 seconds blacklist.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,367
    Likes Received:
    228
    When i get a chance, I'll go though my settings. I know that when there is an unauthorized registration attempt, i get an email telling me they have been blacklisted for 200000 seconds. I then add the IP range to the permanent Blacklist, because, more often than not, they come back some later with a slightly different IP (last two fields)
     
Thread Status:
Not open for further replies.