One of the SIP trunking companies I use recorded 147 minutes to Ghana using the SIP credentials that only reside on my S100 in the trunk setup, and on the provider's interface of course. The provider claims I was hacked but I don't see it. I had the last firmware in place at the time, I've recently updated to the current, the PBX is on a static IP directly facing the WAN, and the LAN. The SIP company recorded 147 minutes using my account ID and password, which is only recorded in the S100. The S100 is set to ping the trunks to verify alive at like 3600sec, but how could someone completely external to me, on some other net in a different locale, have been able to snoop that communication? Is the S100 not nearly as secure as I had hoped? I am at a loss here. I have looked at all the system logs for that day, recorded to the debug level, and I see nothing that says the PBX made any of these calls, but... the only way they could have gotten the info used, i.e. my account info, a 12 digit alphanumeric password, is from the S100. I am at a loss here. Help please. TIA
3 comments
-
Oscar Colka Jeff, I think it is not safe to configure a public IP address for the PBX, because in doing so the PBX is open to the public internet. You will need to set up a lot of security rules to protect your devices from being hacked.
Back to your case, it is a little bit strange. I didn't experience this kind of issue before. I would suggest you submit a ticket to report this issue and ask for help from Yeastar Support Team directly.
-
Sandro Oliveira For something like this you would have to set up properly, honestly I would pick a proper router with firewall to do this and NAT the traffic, but if you want to connect your PBX directly to the internet then you should make sure you have "drop all" on your firewall settings and then allow only what you need, preferably with specified IP sources.
Set your exceptions before you activate "drop all" to make sure you don't lock yourself out of the PBX.
-
Larry Neblett Jumping out on a limb here, but perhaps there is another possibility. Note that the S PBX has SSH functionality and uses a Yeastar-provided default user name and password which can be found by going to the Yeastar support portal and doing a search for "SSH". The user and password combo is not affected by Web user credentials, but is static. Unless you had/have SSH disabled, then anyone can access the system and conceivably get info about the PBX which may include unencrypted details to include your provider details. Yeastar suggests disabling this function, but I do not recall if it is enabled or disabled by default and I guess that many might overlook it. It would only take someone to scan for open ports, find the user web interface port whereupon by using a web browser the login screen will identify the make and model of the device thereby making it somewhat easy to get info about what access might be had. Now then, while I have used SSH to explore, I cannot attest that credentials can be obtained, but I have done this using some Linux-based routers and have been able to. I assume if one knows where to look and knowing the core is Asterisk, that it is feasible.
Like Sandro, I never expose any make or model of an IP-PBX to the internet directly. I use other makes than Yeastar and I have a strong opinion about a proper firewall having more control and security than a phone appliance/system and I am also of the opinion that I would prefer the firewall taking on the task of protecting things rather than having the PBX spending precious CPU cycles doing firewall work in addition to its phone functions.
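
An added example, not part of the thread and not Yeastar's own configuration: the "allow only what you need, with specified IP sources, then drop all" advice above, written for a Linux firewall that uses iptables, with SSH left closed. All addresses, the RTP range and the management port are placeholder assumptions, and `build_rules` and `lint_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample values (documentation address ranges); replace with your own.
TRUNK_SRC="203.0.113.0/28"    # SIP provider's signalling/media network (placeholder)
ADMIN_SRC="198.51.100.0/24"   # network allowed to reach the management UI (placeholder)
SIP_PORT=5060                 # standard SIP signalling port
RTP_RANGE="10000:12000"       # RTP media range (assumption: match the PBX setting)
WEB_PORT=443                  # management UI port (assumption)

# Emit an iptables-restore ruleset. The DROP policy and the exceptions are
# committed together at COMMIT, so there is no window where "drop all" is
# active without its allow rules (the lock-out case mentioned in the thread).
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -s $TRUNK_SRC --dport $SIP_PORT -j ACCEPT
-A INPUT -p udp -s $TRUNK_SRC --dport $RTP_RANGE -j ACCEPT
-A INPUT -p tcp -s $ADMIN_SRC --dport $WEB_PORT -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print every port-opening ACCEPT rule that has
# no source restriction or that exposes SSH (port 22). Exit status is 1 if
# any such rule is found, 0 otherwise.
lint_rules() {
    awk '/--dport/ && /-j ACCEPT/ && (!/ -s / || /--dport 22 /) { print; bad = 1 }
         END { exit bad + 0 }'
}

# Print the ruleset only if it passes the lint. To load it on the firewall:
#   build_rules | iptables-restore --test    (dry run, parses without committing)
#   build_rules | iptables-restore
build_rules | lint_rules && build_rules
```

Because no rule mentions port 22, SSH from the internet falls through to the DROP policy; SIP and RTP are reachable only from the provider's addresses.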