Author Topic: Continuous Dialing of phone numbers  (Read 2172 times)

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Continuous Dialing of phone numbers
« on: January 02, 2010, 04:51:06 pm »
Last night I got an email from broadvoice and was advised that I had violated their terms of service agreement.  It seems that my LMCE system had been making numerous phone calls out in a somewhat random sequence.  The system made 100's of calls without my knowledge spaced 20-30 seconds apart.  Broadvoice stopped the outgoing calls but the Core continued to dial throughout the night since I was not present to stop it.  Has anyone heard of such a thing?  Has my system been hacked?  I rebooted the system and it immediately began making calls again.  Any ideas would be greatly appreciated as I do not want to have to reload and if there was a hack how do I prevent it in the future? 
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #1 on: January 02, 2010, 05:03:53 pm »
hmm... This sounds very weird. What were the duration of the calls? Could you provide a log?

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #2 on: January 02, 2010, 05:27:06 pm »
At present time I have shut down the system.  Can you please assist me with obtaining the log?  I would be happy to try and find out what happened.
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #3 on: January 02, 2010, 05:36:49 pm »
there are two places the call logs are stored. One which is the logs as they are exported in /var/log/asterisk/cdr-*, the second place is in the mysql databases. There is a call log table that contains those entries that you see displayed via the GUI interface. You'll find it in database asteriskcdrdb, called cdr.
« Last Edit: January 02, 2010, 06:02:04 pm by dlewis »

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3059
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #4 on: January 02, 2010, 05:57:31 pm »
Please update your system using apt-get update, and do a sqlCVS update as well. Following that, fill in new passwords for your phones (the field secret). After that is done, reboot your system. and verify that your /etc/asterisk/sip_additional.conf file contain the new passwords. The Orbiter phones will pick up the password, other SIP and IAX based phones need to have the secret updated manually.

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #5 on: January 02, 2010, 06:12:05 pm »
I am searching for the logs.  I spoke with the broadvoice people and they informed me that I was probably hacked.  I know sometimes it is a catch all answer but I think that was probably what happened.  Is there a way to see if any one tampered with the system?  Logs should be coming soon.
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #6 on: January 02, 2010, 06:18:26 pm »
The logs would tell something... Do what posde said as well.

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #7 on: January 03, 2010, 09:58:49 pm »
This is probably a stupid question but where is the field "secret" found?
Thanks,
Randy

dlewis

  • Guru
  • ****
  • Posts: 401
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #8 on: January 03, 2010, 10:14:02 pm »
check /etc/asterisk/sip_additional.conf

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #9 on: January 04, 2010, 12:52:48 am »
I changed the password for the orbiter phone in MCE admin but it did not change in the sip_additional.conf file.  Am I not changing the password in the correct place?  I really do appreciate everyone taking the time to answer my questions.
Thanks,
Randy

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #10 on: January 04, 2010, 03:41:19 am »
Thanks for the help.  I found the secret setting on FreePBX and confirmed it in sip_additional.conf.  The only question I have now is that I have a 7940 cisco and in FreePBX there is no secret field.  How do I insure this is protected?
Thanks,
Randy

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3059
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #11 on: January 05, 2010, 12:02:03 pm »
Thanks for the help.  I found the secret setting on FreePBX and confirmed it in sip_additional.conf.  The only question I have now is that I have a 7940 cisco and in FreePBX there is no secret field.  How do I insure this is protected?
Thanks,
Randy

What device template is used for the 7940?

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #12 on: January 05, 2010, 06:01:16 pm »
I am using the 7970 template.  It seems to work just fine.
Thanks,
Randy

posde

  • Administrator
  • LinuxMCE God
  • *****
  • Posts: 3059
  • Wastes Life On LinuxMCE Since 2007
    • View Profile
    • My Home
Re: Continuous Dialing of phone numbers
« Reply #13 on: January 05, 2010, 10:52:20 pm »
I am using the 7970 template.  It seems to work just fine.

The extension for the 7970 is no problem, as it uses SCCP and not SIP. No secret needed.

rndinokc

  • Veteran
  • ***
  • Posts: 87
    • View Profile
Re: Continuous Dialing of phone numbers
« Reply #14 on: January 06, 2010, 06:07:05 am »
Thank you for your help with this.  I think I have a much more secure system now.  I was getting call back from the hundred or so people my system called and evidently whoever hijacked the system has not very nice.  But I appreciate all the hard work the developers have done.  Happy New Year.
Thanks,
Randy