Author Topic: Has my sigate UK account been hijacked because of LMCE?  (Read 2086 times)

ladekribs

  • Veteran
  • ***
  • Posts: 83
    • View Profile
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #15 on: September 29, 2011, 12:02:57 am »
Fibres,

loggs found at Web admin - Advanced - configuration - Phones setup - (FreePBX) - Reports

fibres

  • Guru
  • ****
  • Posts: 306
    • View Profile
    • LinuxMCE 08.10 RC Mirror.
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #16 on: September 29, 2011, 12:12:04 am »
That is strange then.

Not sure how they accessed your account then. Can sipgate tell you the ip address that the calls were made from?
Or at least confirm if it was from your ip or not?

Might be worth just having a quick look there purps to see if they have got in through your system.

May shed some light on it.

Regards

twodogs

  • Guru
  • ****
  • Posts: 224
    • View Profile
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #17 on: September 29, 2011, 12:49:46 am »
Purps,

Nothing to add except my condolences. Simultaneous problems with MCE, VOIP provider, and SWMBO is the trifecta of pain.

Twodogs
http://greenrenovation.wordpress.com/home-automation/
system:
ASUS P5N7A-VM
integrated GeForce 9300
E5200 processor
Fusion 5 lite HDTV card
2G RAM
SYBA SY-PCI15001 6-port serial card
Denon AVR 3805
LG 42" Plasma
Gyration GYR3101
Cisco SPA3102 analog telephone adapter
Cisco 7971G IP phone/orbiter

purps

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1382
  • If it ain't broke, tweak it
    • View Profile
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #18 on: September 29, 2011, 06:42:11 pm »
That is strange then.

Not sure how they accessed your account then. Can sipgate tell you the ip address that the calls were made from?
Or at least confirm if it was from your ip or not?

Might be worth just having a quick look there purps to see if they have got in through your system.

May shed some light on it.

Regards

Thanks, yes, I will contact sipgate and ask that question. Anything else you think I should ask whilst I am there?

Purps,

Nothing to add except my condolences. Simultaneous problems with MCE, VOIP provider, and SWMBO is the trifecta of pain.

Twodogs

Thank you Twodogs, it's not that bad, perhaps I am being a little melodramatic. We have far more important things going on at the moment. I have just accepted a new job, and we will be buying our first house together soon, so it's all go. I will certainly be getting back on the wiki tasks now that the interviews are finally over!

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: http://wiki.linuxmce.org/index.php/User:Purps

fibres

  • Guru
  • ****
  • Posts: 306
    • View Profile
    • LinuxMCE 08.10 RC Mirror.
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #19 on: September 30, 2011, 01:24:44 am »
I would just check the logs suggested above by ladekribs.

You should be able to see if the calls have been made through your system. If you see calls in the logs but dont understand what they mean pm me a copy and ill have a look.

Regards

purps

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1382
  • If it ain't broke, tweak it
    • View Profile
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #20 on: September 30, 2011, 10:32:13 am »
Thank you very much for that offer fibres, I will certainly take you up on that.

Sipgate got back to me very quickly - the calls were made from 41.239.173.188, which certainly isn't my IP. Does that add up, seeing as I don't reckon I had any extensions set up?

Thanks again.

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: http://wiki.linuxmce.org/index.php/User:Purps

fibres

  • Guru
  • ****
  • Posts: 306
    • View Profile
    • LinuxMCE 08.10 RC Mirror.
Re: Has my sigate UK account been hijacked because of LMCE?
« Reply #21 on: September 30, 2011, 04:20:58 pm »
That seems to rule out the calls being made from an unsecured extension on your system.

However, Does the freePBX admin page have a default password set and do you know if it is accessible from outside your network?

If this is the case it is possible they got your details from the admin page.

Regards