Our 3cx was hacked - Very Important

Discussion in '3CX Phone System - General' started by fernandoml, Feb 26, 2014.

Thread Status:
Not open for further replies.
  1. fernandoml

    Joined:
    Feb 20, 2010
    Messages:
    2
    Likes Received:
    0
    Dear Sirs,

    Someone logged in to our 3CX and used the extension *888 (FAX) to call international numbers. Our firewall had a permission to route ports to our server (virtualid). However, I do not believe that in our configuration this extension could be used for international calls. The anti-hacking system did not work, as well as the outbound rule that should be used only from the specific group of extensions.

    I changed the password, removed the VirtualID on Firewall. Then I would like to know if there is another thing that I can do?

    Regards,
     
  2. fernandoml

    Joined:
    Feb 20, 2010
    Messages:
    2
    Likes Received:
    0
    By the way, there were more than 150 calls... to Palestine, Africa... and countries like this.
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,567
    Likes Received:
    246
    If you don't normally place calls to certain countries then those can be blocked in the 3CX settings. Outbound rules can further refine this. You can also introduce a (more complex) prefix that would be required when dialling internationally.

    Some VoIP providers allow you to restrict calls (set a limit) to numbers below a certain cost-per-minute. You might want to check to see if your provider offers this service.
     
  4. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Restrict (in your firewall) port 5060 to the SIP trunk provider's IP range (ask them for the list). Force any external user to use the 3CX tunnel if on Dynamic IP addresses and whitelist those that are on static IPs. Issue resolved.
     
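The restriction sigma1 describes, sketched as an added example (not from the thread and not anyone's actual configuration): a dry-run script that prints iptables rules admitting port 5060 only from listed sources. It assumes a Linux iptables firewall; the chain name and every address (RFC 5737 documentation ranges) are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that allow SIP signalling
# on port 5060 only from an allowlist, then drop everything else on that port.
SIP_PORT=5060
CHAIN="${CHAIN:-INPUT}"  # assumption: FORWARD if the PBX sits behind this firewall
# Constructed sample lists; use the ranges your trunk provider gives you.
PROVIDER_RANGES="203.0.113.0/24 198.51.100.16/28"
STATIC_USERS="192.0.2.45"   # remote users on static IPs

# Return 0 if $1 is an IPv4 address with an optional /1../32 prefix.
valid_source() {
    local ip prefix o
    ip="${1%%/*}"
    prefix=32
    case "$1" in */*) prefix="${1#*/}" ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    # A /0 would match every address and undo the allowlist.
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    # Exactly four dot-separated octets.
    case "$ip" in *.*.*.*.*|*..*|.*|*.) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    local IFS=.
    for o in $ip; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Validate every source first so a partial rule set is never printed.
emit_rules() {
    local src proto
    for src in $PROVIDER_RANGES $STATIC_USERS; do
        if ! valid_source "$src"; then
            echo "refusing to emit rules: bad source '$src'" >&2
            return 1
        fi
    done
    for proto in udp tcp; do
        for src in $PROVIDER_RANGES $STATIC_USERS; do
            echo "iptables -A $CHAIN -p $proto --dport $SIP_PORT -s $src -j ACCEPT"
        done
        # ACCEPT rules come first; anything else aimed at the SIP port is dropped.
        echo "iptables -A $CHAIN -p $proto --dport $SIP_PORT -j DROP"
    done
}

emit_rules
```

Users on dynamic IP addresses are deliberately absent from the lists, since the post has them connect through the 3CX tunnel instead.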
  5. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    ... and this just came to mind... 3CX would have locked out the IP for too many failed logins (and if you have e-mail notifications on you would have known). I find it hard to believe that they just guessed the password... Look at your security settings while you are at it.
     