Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Hack Attempt ??

Discussion in '3CX Phone System - General' started by craigreilly, May 12, 2012.

Thread Status:
Not open for further replies.
  1. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,557
    Likes Received:
    300
    IP 66.xxx.xxx.105 is my public address for my Citrix Server
    IP 66.xxx.xxx.104 is my public address for my Crystal Report Server
    Is someone just fishing hoping to be able to make a call thru my system?
    What is the 58441576017827@66.xxx.xxx.105?
    These are the only 2 entries since I left last night. So they gave up when the IP got blacklisted.

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,095
    Likes Received:
    327
    They are attempting direct SIP calls. I see that once in a while. They will try different combinations of numbers...9011XXXX, 011XXXXX, 0XXXXX, etc. One in particular ties out a different range of UK numbers.

    You can, and probably should increase your blacklist time to something above 334 seconds, I use 200,000. And you can include the IP range 80.172.0.0 (use a subnet mask of 255.255.0.0) in the IP blacklist, unless you expect someone from that range to contact you.

    In some cases, they will come back around later using a slightly different IP, or you may never see that one again.
     
  3. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,557
    Likes Received:
    300
    Thanks for the suggestions .
    We are sticking with our pstn lines until our contract is up but will have 2 home users.
    It would be nice to deny all except certain ips...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,095
    Likes Received:
    327
    You mean something , like, oh, I don't know...an IP whitelist, maybe?

    http://3cx.ideascale.com/a/dtd/Add-a-whitelisted-IP-list-next-to-blacklisted-IP-list/335122-9854
     
  5. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,557
    Likes Received:
    300
    7 votes won't get this implemented very quickly.... ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,095
    Likes Received:
    327
    Exactly...although, there are a number of similar suggestions.
     
  7. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,557
    Likes Received:
    300
    Is this the 3rd item in the Anti-Hacking Tab of Security? Mine is at 1800. I have no idea why 3cx responded with 334 seconds blacklist.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    11,095
    Likes Received:
    327
    When i get a chance, I'll go though my settings. I know that when there is an unauthorized registration attempt, i get an email telling me they have been blacklisted for 200000 seconds. I then add the IP range to the permanent Blacklist, because, more often than not, they come back some later with a slightly different IP (last two fields)
     
Thread Status:
Not open for further replies.