My PBX in a Flash has been hacked (posting here at the request of Ward). Over 2200 calls from 1/21/09 to 1/22/09, and I thought I was safe. I am not a computer guru, just a regular guy that likes tech. I don’t make a living with PBX systems and I don’t visit the forums regularly unless I am trying to figure out how to fix something, so please let me know what I did wrong. I set up my small home office PBX (3 extensions) and have regularly run update-scripts, update-fixes (never ran update-source) and updated the FreePBX modules as I was notified. All was good until I received a call from a person in the 337 area code saying that they saw my number on their caller ID. I didn’t call, so I checked my call records and WOW (lots of calls to the 337 area code)! I shut down the PBX server and am trying to figure out what happened.
What I Have:
Orgasmatron I with the Walmart special (installed following all www.nerdvittles.com instructions)
2 VOIP providers (Viatalk and Vitelity)
Linksys WRT 150N router running DDWRT (SPI FIREWALL)
Block Anonymous WAN Requests (ping)
Filter Multicast
Filter IDENT (Port 113)
Dyndns
Ports forwarded to my PBX IP address (192.168.x.xxx)
4569 UDP
5004 - 5037 UDP
5038 – 5082 UDP
10,000 – 20,000
My 3 extensions don’t have passwords that match the extension numbers and I did run passwd-master when I first set up the system. I think my “hole” was that I left extension 501 (cellphone) untouched from the original ISO Orgasmatron base install. I had plans to incorporate it into my dialplan, however, I never did.
I have now downloaded Orgasmatron II and understand that it is running a newer version of Asterisk and Cent OS and plan on a fresh install. Is this version more secure?
It would really be helpful if someone could explain how this hack occurred. Since all of the outgoing calls were originated from the extension 501 (cellphone) that had the default password, exactly what happened? And more importantly, what else can I do to help prevent further attacks? (Yes, I will not be leaving extension 501 unchanged on my fresh install.)
Thanks for your help
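The poster found the fraud by reading the call records by hand after a stranger in the 337 area code phoned back. The check below is an added example (not from the original post or from PBX in a Flash) that does the same thing automatically: it reads Asterisk-style CDR rows and flags any extension that places an unusual burst of calls to one area code inside a short window. The sample rows, the 20-calls-per-hour threshold and the column subset are constructed assumptions.

```python
"""Added example: flag toll-fraud bursts in Asterisk CDR records.
Sample rows are constructed with the columns src, dst, start and disposition
(a subset of Asterisk's Master.csv layout); threshold and window are assumed."""
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

FMT = "%Y-%m-%d %H:%M:%S"

def build_sample():
    """Constructed CDR text: ext 501 dials 337 once a minute, ext 201 makes 3 normal calls."""
    base = datetime(2009, 1, 21, 23, 0, 0)
    lines = ["src,dst,start,disposition"]
    for i in range(25):
        lines.append(f"501,1337555{i:04d},{(base + timedelta(minutes=i)).strftime(FMT)},ANSWERED")
    for i in range(3):
        lines.append(f"201,1504555{i:04d},{(base - timedelta(hours=4 * i)).strftime(FMT)},ANSWERED")
    return "\n".join(lines)

def parse_cdr(text):
    """Parse CSV CDR text into dicts, converting the start column to datetime."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["start"] = datetime.strptime(row["start"], FMT)
    return rows

def area_code(dst):
    """Return the NANP area code of a dialed number, or None if it is not 10/11 digits."""
    digits = "".join(ch for ch in dst if ch.isdigit())
    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]
    return digits[:3] if len(digits) == 10 else None

def find_bursts(rows, threshold=20, window=timedelta(hours=1)):
    """Map (src, area code) -> peak call count for pairs reaching `threshold` calls within `window`."""
    alerts, recent = {}, defaultdict(deque)
    for row in sorted(rows, key=lambda r: r["start"]):
        npa = area_code(row["dst"])
        if npa is None:
            continue
        key = (row["src"], npa)
        times = recent[key]
        times.append(row["start"])
        while row["start"] - times[0] > window:  # drop calls that fell out of the sliding window
            times.popleft()
        if len(times) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts

if __name__ == "__main__":
    for (src, npa), n in find_bursts(parse_cdr(build_sample())).items():
        print(f"extension {src}: {n} calls to area code {npa} within one hour")
```

On a real system point `parse_cdr` at the CDR CSV Asterisk writes (Master.csv under its CDR directory) and run it from cron so a burst like the one above is noticed within minutes rather than after a stranger calls back.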