- Joined
- Jun 25, 2010
- Messages
- 1
- Reaction score
- 0
Well I have been stupid - I have to admit it
I have been running the 3cx phone system for a while now on my 2008 small business server. I have only been running it in a test capacity and have been using it with one extension (a grandstream handytone) and connected to the voiptalk service.
I got an email today from them to say I was low in credit - odd I thought - I have hardly been using it and mostly for incoming calls anyway.
Looking at voiptalk's activity log the credit was all used on calls to Egypt - hmmmmm I thought - who do I know in Egypt??? - no one :lol:
I thought at first mt voiptalk acc has been hacked and someone has registered a voip phone directly to the service, but no.
Then I checked if my windows server had been hacked in general terms - all checks seemed okay.
Turns out that someone has registered a voip phone DIRECTLY TO my 3cx server as extension 100 and was bouncing calls off the server!!!
So I checked my firewall (A netgear prosafe) : I have only the udp 5060 and udp 9000-9007 open for incoming - no 3cx tunnel or anything like that.
On reading the documentation again and talking to a networking expert it seems that the 3cx will accept any voip phone connection to it - even if it is from the internet - so long as the id and pw match.
Someone was obviously port scanning me, saw that I have a voip service running and, yes you guessed it, tried the defaults of 100 and 100 for un and pw!!!
ARRRGGHHHHHHHH! :x
I hadn't realised that the 3cx would do this - I thought that these ports would only be for in/out calls and not extension connections.
I have updated all of my passwords and added a bit more credit :lol:
Oh well, just thought I would share my experiences - you never know - someone else might have made the same mistake.
Luckily this is a test setup before I consider buying it properly so I didn't have much credit on voiptalk anyway - about 15 quid - but it has taught me something valuable about security and about sip security and 3cx extension connection security.
Gareth
I have been running the 3cx phone system for a while now on my 2008 small business server. I have only been running it in a test capacity and have been using it with one extension (a grandstream handytone) and connected to the voiptalk service.
I got an email today from them to say I was low in credit - odd I thought - I have hardly been using it and mostly for incoming calls anyway.
Looking at voiptalk's activity log the credit was all used on calls to Egypt - hmmmmm I thought - who do I know in Egypt??? - no one :lol:
I thought at first mt voiptalk acc has been hacked and someone has registered a voip phone directly to the service, but no.
Then I checked if my windows server had been hacked in general terms - all checks seemed okay.
Turns out that someone has registered a voip phone DIRECTLY TO my 3cx server as extension 100 and was bouncing calls off the server!!!
So I checked my firewall (A netgear prosafe) : I have only the udp 5060 and udp 9000-9007 open for incoming - no 3cx tunnel or anything like that.
On reading the documentation again and talking to a networking expert it seems that the 3cx will accept any voip phone connection to it - even if it is from the internet - so long as the id and pw match.
Someone was obviously port scanning me, saw that I have a voip service running and, yes you guessed it, tried the defaults of 100 and 100 for un and pw!!!
ARRRGGHHHHHHHH! :x
I hadn't realised that the 3cx would do this - I thought that these ports would only be for in/out calls and not extension connections.
I have updated all of my passwords and added a bit more credit :lol:
Oh well, just thought I would share my experiences - you never know - someone else might have made the same mistake.
Luckily this is a test setup before I consider buying it properly so I didn't have much credit on voiptalk anyway - about 15 quid - but it has taught me something valuable about security and about sip security and 3cx extension connection security.
Gareth