Stephan,

Very good points! Also, you should reverse search your IP in http://www.shodanhq.com/.

I had a user who did not change the admin password on their ATA, and it was exposed to the internet. So hackers just went to the ATA web maint page, used the default credentials and then scraped the account information. Then used the account to call cell phones in Moscow. Found his IP and device in the Shodan Database.

Mike

On Mon, Jan 21, 2013 at 3:36 PM, Stéphan Monette <[email protected]> wrote:

> Roger,
>
> Just to make sure I didn't leave my list of userids and passwords in some
> file with Google or somewhere else, I would first log in to the web portal
> and reset my SIP and IAX passwords.
>
> I've seen a lot of people with their Hotmail, Gmail, Yahoo Mail accounts
> hacked without them knowing about it. Sometimes the hackers are getting
> the userids and passwords from the saved emails you have left in your Gmail
> or other free email services! They usually look for bank account data, but
> they would sell any good information to anyone willing to pay for it,
> including SIP account info!
>
> In the past when I was working on the Unlimitel systems, we made sure the
> usernames and passwords could not be guessed. We even stopped sending
> passwords by email! And we would still see users having their passwords
> stolen because they shared a Google Drive (Docs back then) with someone
> else who got their Google account hacked!!!!
>
> After Primus took over, they even went an extra step by blocking any IP
> that would fail to register a SIP account to stop hackers from guessing
> Unlimitel SIP passwords.
>
> The web portal is designed so that your browser does not cache any info!
> The passwords are not even listed in TEXT on the web portal to make sure
> customers with some sort of virus or malware could spy on your data! So if
> the hackers were able to make calls using your SIP credentials, this means
> they had the right data on hand and never got blocked because they never
> failed the SIP authentication.
>
> So I would suggest to reset your passwords (using the web portal) and do
> not save your passwords list anywhere on your computer or cloud storage
> services.
>
> That should stop them. If not, use a different tool or softphone!
>
> On 2013-01-21, at 3:20 PM, Mark Brown <[email protected]> wrote:
>
> > Roger,
> >
> > Is there a chance the phone was compromised?
> >
> > You didn't say what phone or app you were using.
> >
> > Android phones seem to have a Swiss cheese security model, and many apps
> > are not always as they seem.....
> > I'm not sure the iPhones are much better.
> > I've automatically discounted Windows phones.... :-)
> >
> > I have a remote ATA with Unlimitel, and I haven't had such a problem....
> > yet.
> >
> > /M
> >
> > On 1/21/2013 9:33 AM, Yajie wrote:
> >> This has been a pain in the ass. As soon as I make some international
> >> calls for several days, my account will be hacked, hacker made a lot of
> >> calls to high rate country in no time and my account will be blocked by
> >> Unlimitel. This happened at least 5 times in the last two years. My
> >> friend has the same issue too. Interestingly, I didn't use Asterisk to
> >> make calls recently, but a SIP softphone on my cell phone. So there is
> >> no way hacker can hack into my Asterisk. I know Unlimitel has a much
> >> stricter password rule than any other ITSP I used, but only Unlimitel
> >> got hacked every time. Do you guys know why? Or should I really abandon
> >> Unlimitel's ship? Thanks!
> >>
> >> Roger
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]

--
Mike Ashton
CTO
Quality Track International
Phone: +1 647.724.3500 x251
Cell: +1 416.527.4995
