Outbound calls from inbound queue (hacked ?)

Posted: Mon Apr 23, 2018 8:50 pm
by macaruchi
Hi!
I have an inbound carrier just for inbound calls, without any dialplan for outbound. But now I am seeing that my carrier sent me a huge CDR with 2K calls just for today, but I just received 200 calls into Vicidial.
I think that I am being hacked but I don't know how.

My configuration with my carrier is for IP and this doesn't have any dialplan for outside calls.

Any help or clues ?

TIA

Re: Outbound calls from inbound queue (hacked ?)

Posted: Mon Apr 23, 2018 9:07 pm
by williamconley
1) Welcome to the Party! 8-)

2) As you are obviously new here, I have some suggestions to help us all help you:

When you post, please post your entire configuration including (but not limited to) your installation method (7.X.X?) and vicidial version with build (VERSION: 2.X-XXXx ... BUILD: #####-####).

This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "manual/from scratch" you must post your operating system with version (and the .iso version from which you installed your original operating system) plus a link to the installation instructions you used. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that technology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

3) Dialplan entries in Carrier settings are there for convenience. They are not "assigned" to those carriers by virtue of being in the same "Admin->Carrier" entry. The dialplan is shared among the entire Vicidial system in this location, with a few exceptions.

4) Security for inbound vs outbound is accomplished by having "context=trunkinbound" in the carrier's sip account entry. This value should be included in ALL carrier account entries (for inbound and outbound). To be clear: "context=" is ONLY used for inbound calls, thus ALL carrier account entries should include "context=trunkinbound" since all calls using this feature are Inbound calls. There is never a reason for a missing "context=" nor for a context={someothervalue} and this value is not something that can be required by the carrier themselves.

5) You did not share your sip account or dialplan entries. So we can't form an opinion on that basis.

6) You did not share any asterisk CLI output that might show a call from an inbound sip account passing to an outbound account. Once again, not a lot we can guess about regarding that.

So clue us in a bit and maybe we can help you out. You could also try including the Dynamic Good Guys (or some other) firewall in your system to be certain that Only Authorized IPs can access your system. If your system is configured to make connecting easy ... and not firewalled ... it's easy for *anyone* to connect.

8-)
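
The check described in point 4 of the reply above, written as an added example that is not part of the original thread or of Vicidial: it parses sip.conf-style account entries and reports any entry whose `context=` is missing or is not `trunkinbound`. The sample entries, section names and hosts are constructed placeholders, and the rule that a repeated key's last value applies is an assumption.

```python
import re

REQUIRED_CONTEXT = "trunkinbound"  # value named in point 4 of the reply above

# Constructed sample account entries; names and hosts are placeholders.
SAMPLE = """\
[DID_IN1]
type=peer
host=192.0.2.10
context=trunkinbound   ; inbound calls are confined to this context

[OUT_CARRIER]
type=peer
host=192.0.2.20
; no context= line at all

[MIXED_CARRIER]
type = friend
host => 192.0.2.30
context => default
"""

def parse_sections(text):
    """Parse sip.conf-style text into {section: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # accepts 'k=v' and 'k => v'
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return sections

def audit_contexts(text, required=REQUIRED_CONTEXT):
    """Return (section, problem) for each account entry breaking the rule."""
    findings = []
    for name, opts in parse_sections(text).items():
        if name.lower() == "general" or "type" not in opts:
            continue  # only sections that define an account (type=peer/friend/user)
        contexts = opts.get("context", [])
        if not contexts:
            findings.append((name, "missing context="))
        elif contexts[-1] != required:  # assumption: a repeated key's last value applies
            findings.append((name, "context=" + contexts[-1]))
    return findings

if __name__ == "__main__":
    for section, problem in audit_contexts(SAMPLE):
        print(f"{section}: {problem}")
```

A clean result covers only the account entries; it says nothing about the shared dialplan from point 3 or about which IPs the firewall lets reach the system.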

Re: Outbound calls from inbound queue (hacked ?)

Posted: Tue Apr 24, 2018 9:54 am
by macaruchi
1)
Version: 2.14b0.5
SVN Version: 2858
DB Schema Version: 1524
ViciBox 7.0.4
12 Core 32Gb Ram Server

Account Entry
[DID_IN1]
username=xxxxx
secret=xxxx
type=peer
progressinband=never
port=5060
nat=force_rport
ignoresdpversion=yes
host= xxxxxxxx
dtmfmode=rfc2833
deny=xx
deny=xx
deny=xx
deny=xx
deny=xx
context=trunkinbound
canreinvite=no
insecure=port,invite
disallow=all
allow=ulaw
allow=alaw

Dialplan Entry
-nothing-

Re: Outbound calls from inbound queue (hacked ?)

Posted: Tue Apr 24, 2018 10:55 am
by williamconley
You have this same information posted in two links. Pick one. Put all the information into it. Delete the other.