$2000 of calls in one hour? The fraud user must be a professional hacker and should have some kind of VoIP system and tens (if not hundreds) of friends calling at the same time.
On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein <[email protected]> wrote:

> Let me guess…
>
> 1. The Switchvox was open to the Internet
> 2. The extensions were simple (three / four digits) and the passwords matched the extensions
> 3. The attacker was able to register from the public Internet as one of the users and send the calls.
>
> Sounds much more like an installation done by someone who had no clue about IP security. Don't blame Switchvox for the installer's lack of a clue.. Switchvox is designed to run behind a firewall, and best practices for installation would dictate that you be very paranoid about what to allow to communicate w/ the PBX. Allowing it to be openly accessed on the Public Internet is sheer stupidity.
>
> So.. what am I missing here?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* VIP Carrier
> *Sent:* Saturday, February 07, 2009 6:36 PM
> *To:* Commercial and Business-Oriented Asterisk Discussion
> *Subject:* [asterisk-biz] PBX got Hacked
>
> Guys,
> I can't believe that our client's PBX got hacked today.
> My client has a SwitchVOX SMB and it got hacked!
> Some f...@ckers with the following IPs
> 91.121.132.208
> 69.60.114.222
> were able to send calls in a matter of 1 hr for more than $2000
>
> what can I say, stay away from switchvox
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
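The weaknesses guessed at in the quoted reply (short numeric extensions, passwords equal to the extension, registration allowed from any address) can be audited mechanically. The following is an added example, not code from the thread or from Switchvox; it assumes peers are defined in an Asterisk chan_sip style `sip.conf`, counts only `deny`/`permit` lines as an ACL, and uses hypothetical function names and a constructed sample file.

```python
import re

# Constructed sample in Asterisk chan_sip sip.conf syntax (not from the thread).
SAMPLE_SIP_CONF = """\
[101]
secret=101                       ; same as the extension
[102]
secret=hT7#qLm2vX9pRw4z
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
[frontdesk]
secret=Zr8!kPw3nYq6Tb1s
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

def parse_sections(text):
    """Return {section: {key: [values]}}; keys such as permit/deny may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def audit(text):
    """Map each peer to the weaknesses from the quoted list that it shows."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if name == "general":                    # global settings, not a peer
            continue
        secret = opts.get("secret", [""])[-1]
        issues = []
        if re.fullmatch(r"\d{1,4}", name):       # three/four digit extension
            issues.append("short numeric extension")
        if secret == name:
            issues.append("secret matches extension")
        if "deny" not in opts or "permit" not in opts:
            issues.append("no deny/permit ACL")  # may register from anywhere
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SIP_CONF))
```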
