Author Topic: Continuous Dialing of phone numbers  (Read 2826 times)

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Continuous Dialing of phone numbers
« on: January 02, 2010, 04:51:06 pm »
Last night I got an email from broadvoice and was advised that I had violated their terms of service agreement.  It seems that my LMCE system had been making numerous phone calls out in a somewhat random sequence.  The system made 100's of calls without my knowledge spaced 20-30 seconds apart.  Broadvoice stopped the outgoing calls but the Core continued to dial throughout the night since I was not present to stop it.  Has anyone heard of such a thing?  Has my system been hacked?  I rebooted the system and it immediately began making calls again.  Any ideas would be greatly appreciated as I do not want to have to reload and if there was a hack how do I prevent it in the future? 
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #1 on: January 02, 2010, 05:03:53 pm »
hmm... This sounds very weird. What were the duration of the calls? Could you provide a log?

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #2 on: January 02, 2010, 05:27:06 pm »
At present time I have shut down the system.  Can you please assist me with obtaining the log?  I would be happy to try and find out what happened.
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #3 on: January 02, 2010, 05:36:49 pm »
there are two places the call logs are stored. One which is the logs as they are exported in /var/log/asterisk/cdr-*, the second place is in the mysql databases. There is a call log table that contains those entries that you see displayed via the GUI interface. You'll find it in database asteriskcdrdb, called cdr.
« Last Edit: January 02, 2010, 06:02:04 pm by dlewis »

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3441
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #4 on: January 02, 2010, 05:57:31 pm »
Please update your system using apt-get update, and do a sqlCVS update as well. Following that, fill in new passwords for your phones (the field secret). After that is done, reboot your system. and verify that your /etc/asterisk/sip_additional.conf file contain the new passwords. The Orbiter phones will pick up the password, other SIP and IAX based phones need to have the secret updated manually.
Currently on my way in the North Eastern United States - If I helped you, feel free to buy me a coffee: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2VKASZLTJH7ES

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #5 on: January 02, 2010, 06:12:05 pm »
I am searching for the logs.  I spoke with the broadvoice people and they informed me that I was probably hacked.  I know sometimes it is a catch all answer but I think that was probably what happened.  Is there a way to see if any one tampered with the system?  Logs should be coming soon.
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #6 on: January 02, 2010, 06:18:26 pm »
The logs would tell something... Do what posde said as well.

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #7 on: January 03, 2010, 09:58:49 pm »
This is probably a stupid question but where is the field "secret" found?
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #8 on: January 03, 2010, 10:14:02 pm »
check /etc/asterisk/sip_additional.conf

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #9 on: January 04, 2010, 12:52:48 am »
I changed the password for the orbiter phone in MCE admin but it did not change in the sip_additional.conf file.  Am I not changing the password in the correct place?  I really do appreciate everyone taking the time to answer my questions.
Thanks,
Randy

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #10 on: January 04, 2010, 03:41:19 am »
Thanks for the help.  I found the secret setting on FreePBX and confirmed it in sip_additional.conf.  The only question I have now is that I have a 7940 cisco and in FreePBX there is no secret field.  How do I insure this is protected?
Thanks,
Randy

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3441
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #11 on: January 05, 2010, 12:02:03 pm »
Thanks for the help.  I found the secret setting on FreePBX and confirmed it in sip_additional.conf.  The only question I have now is that I have a 7940 cisco and in FreePBX there is no secret field.  How do I insure this is protected?
Thanks,
Randy

What device template is used for the 7940?
Currently on my way in the North Eastern United States - If I helped you, feel free to buy me a coffee: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2VKASZLTJH7ES

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #12 on: January 05, 2010, 06:01:16 pm »
I am using the 7970 template.  It seems to work just fine.
Thanks,
Randy

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3441
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #13 on: January 05, 2010, 10:52:20 pm »
I am using the 7970 template.  It seems to work just fine.

The extension for the 7970 is no problem, as it uses SCCP and not SIP. No secret needed.
Currently on my way in the North Eastern United States - If I helped you, feel free to buy me a coffee: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2VKASZLTJH7ES

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #14 on: January 06, 2010, 06:07:05 am »
Thank you for your help with this.  I think I have a much more secure system now.  I was getting call back from the hundred or so people my system called and evidently whoever hijacked the system has not very nice.  But I appreciate all the hard work the developers have done.  Happy New Year.
Thanks,
Randy