Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Solved Is that an hack?

Discussion in '3CX Phone System - General' started by frammpartner, Sep 4, 2017.

Thread Status:
Not open for further replies.
  1. frammpartner

    Joined:
    Sep 4, 2017
    Messages:
    2
    Likes Received:
    0
    Hi guys,

    my 3CX (already updated and patched to the latest version), give me multiple activity log from Ozeki VoIP SIP SDK v11.1.2.

    In particular this is the log:

    09/04/2017 9:10:02 AM - PBX has dropped a message with 'User-Agent: Ozeki VoIP SIP SDK v11.1.2' from IP 179.43.143.71 because it is on blocked UAs list
    09/04/2017 9:10:01 AM - PBX has dropped a message with 'User-Agent: Ozeki VoIP SIP SDK v11.1.2' from IP 179.43.143.71 because it is on blocked UAs list
    09/04/2017 9:09:59 AM - PBX has dropped a message with 'User-Agent: Ozeki VoIP SIP SDK v11.1.2' from IP 179.43.143.71 because it is on blocked UAs list
    09/04/2017 9:09:58 AM - PBX has dropped a message with 'User-Agent: Ozeki VoIP SIP SDK v11.1.2' from IP 179.43.143.71 because it is on blocked UAs list
    09/04/2017 9:09:58 AM - PBX has dropped a message with 'User-Agent: Ozeki VoIP SIP SDK v11.1.2' from IP 179.43.143.71 because it is on blocked UAs list
    ......................................................................................and more.........................................................................

    Is this an hack? how can I do?

    Thanks, regards
    Francesco
     
  2. IoannisM_3CX

    IoannisM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Aug 10, 2017
    Messages:
    229
    Likes Received:
    18
    Hello @frammpartner ,

    Apparently, someone is trying to hack your system as Ozeki is a known hacking tool. The system is dropping messages that use as user agent the Ozeki signature. Nevertheless, for security reasons we have added the signature in the parameters, that's why you see the drooped messages, the system is rejecting the attempts.

    For extra security you can do the follow:

    - In the Settings / Security / Anti-Hacking / divide each values by two, except the blacklist time interval, and the security barrier (green).
    Set the blacklist time interval to a higher value such as 31536000 (1 year).
    - in your firewall, filter the SIP port to allow only trusted sources, meaning your VoIP providers IP/range, and remote extensions (if any).

    Although 3CX PBX uses anti-hacking countermeasures that protect you good enough, it is always better and recommended, security measures to be taken on your firewall as a precaution.

    Thank you
     
    AH2, frammpartner and craigreilly like this.
  3. frammpartner

    Joined:
    Sep 4, 2017
    Messages:
    2
    Likes Received:
    0
    Thank you very much @IoannisM_3CX!

    I've set my 3CX step by step using your guide line and I have modify my firewall rules to accept only my VoIP providers.

    Thank you again, regards
    Francesco
     
  4. IoannisM_3CX

    IoannisM_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Aug 10, 2017
    Messages:
    229
    Likes Received:
    18
    frammpartner likes this.
Thread Status:
Not open for further replies.