LinuxMCE Forums
General => Users => Topic started by: rndinokc on January 02, 2010, 04:51:06 pm
-
Last night I got an email from Broadvoice and was advised that I had violated their terms of service agreement. It seems that my LMCE system had been making numerous phone calls out in a somewhat random sequence. The system made 100s of calls without my knowledge spaced 20-30 seconds apart. Broadvoice stopped the outgoing calls but the Core continued to dial throughout the night since I was not present to stop it. Has anyone heard of such a thing? Has my system been hacked? I rebooted the system and it immediately began making calls again. Any ideas would be greatly appreciated as I do not want to have to reload, and if there was a hack, how do I prevent it in the future?
Thanks,
Randy
-
Hmm... This sounds very weird. What was the duration of the calls? Could you provide a log?
-
At the present time I have shut down the system. Can you please assist me with obtaining the log? I would be happy to try and find out what happened.
Thanks,
Randy
-
There are two places the call logs are stored. One is the logs as they are exported in /var/log/asterisk/cdr-*; the second place is in the MySQL databases. There is a call log table that contains those entries that you see displayed via the GUI interface. You'll find it in database asteriskcdrdb, called cdr.
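Added example, not part of the original thread or of LinuxMCE: one way to check the exported CDR files mentioned above for the pattern from the first post (many calls spaced seconds apart) is to group records by originating channel and report sustained bursts. It assumes Asterisk's standard cdr-csv column order; the thresholds, peer names and sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Field positions in Asterisk's cdr-csv layout (assumed standard column order)
DST, CHANNEL, START, DISPOSITION = 2, 5, 9, 14
TS = "%Y-%m-%d %H:%M:%S"

def sample_row(peer, dst, start):
    """Build one constructed CDR line in the 18-field cdr-csv layout."""
    s = start.strftime(TS)
    return (f'"","{peer}","{dst}","from-internal","{peer}","SIP/{peer}-0000",'
            f'"SIP/trunk-0001","Dial","SIP/trunk/{dst}","{s}","{s}","{s}",'
            f'9,4,"ANSWERED","DOCUMENTATION","{start.timestamp():.1f}",""')

def build_sample():
    """Constructed data: two ordinary calls, then a burst from peer 201."""
    t0 = datetime(2010, 1, 1, 23, 0, 0)
    lines = [sample_row("200", "15555550150", t0 - timedelta(hours=5)),
             sample_row("200", "15555550151", t0 - timedelta(hours=2))]
    # Twelve calls from peer 201, 25 seconds apart, each to a different number
    lines += [sample_row("201", f"155555501{i:02d}", t0 + timedelta(seconds=25 * i))
              for i in range(12)]
    return "\n".join(lines)

def find_bursts(cdr_text, max_gap=60, min_calls=10):
    """Return runs of >= min_calls calls from one peer with <= max_gap s between starts."""
    by_peer = {}
    for rec in csv.reader(io.StringIO(cdr_text)):
        if len(rec) <= DISPOSITION:
            continue  # skip short or damaged lines
        peer = rec[CHANNEL].rsplit("-", 1)[0]  # "SIP/201-0000" -> "SIP/201"
        start = datetime.strptime(rec[START], TS)
        by_peer.setdefault(peer, []).append((start, rec[DST]))
    bursts = []
    for peer, calls in by_peer.items():
        calls.sort()
        run = [calls[0]]
        for call in calls[1:] + [None]:  # trailing None flushes the final run
            if call and (call[0] - run[-1][0]).total_seconds() <= max_gap:
                run.append(call)
                continue
            if len(run) >= min_calls:
                bursts.append({"peer": peer, "calls": len(run),
                               "first": run[0][0], "last": run[-1][0],
                               "distinct_dst": len({d for _, d in run})})
            if call:
                run = [call]
    return bursts
```

Grouping by the channel field rather than the caller ID ties each burst to the SIP peer that placed the calls, which is the account whose secret needs changing.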
-
Please update your system using apt-get update, and do a sqlCVS update as well. Following that, fill in new passwords for your phones (the field secret). After that is done, reboot your system and verify that your /etc/asterisk/sip_additional.conf file contains the new passwords. The Orbiter phones will pick up the password; other SIP and IAX based phones need to have the secret updated manually.
-
I am searching for the logs. I spoke with the Broadvoice people and they informed me that I was probably hacked. I know sometimes it is a catch-all answer but I think that was probably what happened. Is there a way to see if anyone tampered with the system? Logs should be coming soon.
Thanks,
Randy
-
The logs would tell something... Do what posde said as well.
-
This is probably a stupid question but where is the field "secret" found?
Thanks,
Randy
-
Check /etc/asterisk/sip_additional.conf
-
I changed the password for the orbiter phone in MCE admin but it did not change in the sip_additional.conf file. Am I not changing the password in the correct place? I really do appreciate everyone taking the time to answer my questions.
Thanks,
Randy
-
Thanks for the help. I found the secret setting on FreePBX and confirmed it in sip_additional.conf. The only question I have now is that I have a 7940 Cisco and in FreePBX there is no secret field. How do I ensure this is protected?
Thanks,
Randy
-
Thanks for the help. I found the secret setting on FreePBX and confirmed it in sip_additional.conf. The only question I have now is that I have a 7940 Cisco and in FreePBX there is no secret field. How do I ensure this is protected?
Thanks,
Randy
What device template is used for the 7940?
-
I am using the 7970 template. It seems to work just fine.
Thanks,
Randy
-
I am using the 7970 template. It seems to work just fine.
The extension for the 7970 is no problem, as it uses SCCP and not SIP. No secret needed.
-
Thank you for your help with this. I think I have a much more secure system now. I was getting callbacks from the hundred or so people my system called and evidently whoever hijacked the system was not very nice. But I appreciate all the hard work the developers have done. Happy New Year.
Thanks,
Randy