DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Fruadulent calls being made through a 2820IPPBX
- orangehand
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
26 Jan 2011 10:43 #65865
by orangehand
Fruadulent calls being made through a 2820IPPBX was created by orangehand
This is a copy of an email I have sent to Draytek AND Draytel support: anyone have anything to add?
I have installed at the end of last year a 2820IPPBX with a client, with one Vigorphone 350 set up as a VOIP test for a possible migration to an all VOIP system. They complained last week that their call credit with Draytel (their only outgoing trunk of any type) was being sapped rapidly.
On examining the call records, all the calls, all to international destinations, were coming from x901, which was set up as the analog extension in index 50. I am sure that I never enabled either the Analog extension nor the ISDN extension in indexes 49 and 50, but they were enabled when I checked. Are these extensions enabled or disabled by default?
Following this discovery I did the following:
Checked that there was no analog phone plugged into the router - there was none
Changed the Draytel SIP password and entered the new one in the router
Changed the router admin password
Disabled indexes 49 and 50.
This was done on the 20th Jan
HOWEVER, from the attached screenshot, (not attached here, but it shows loads of calls being made to dodgy countries from x901, both before and after the changes I have outlined here) outgoing calls are still being made from 901, which is disabled in the extension settings on index 50 (ie analog phone) and has been since the morning of Jan 20th. The call failures are possibly due to there being no credit on the account, on my advice, until this is sorted.
How on earth can this be happening? There seems to be a backdoor thing going on here. I am a little peeved that Draytel informed us all that they had not had any actual incidences of this in their advisory email, when I had already reported this to them.
I have installed at the end of last year a 2820IPPBX with a client, with one Vigorphone 350 set up as a VOIP test for a possible migration to an all VOIP system. They complained last week that their call credit with Draytel (their only outgoing trunk of any type) was being sapped rapidly.
On examining the call records, all the calls, all to international destinations, were coming from x901, which was set up as the analog extension in index 50. I am sure that I never enabled either the Analog extension nor the ISDN extension in indexes 49 and 50, but they were enabled when I checked. Are these extensions enabled or disabled by default?
Following this discovery I did the following:
Checked that there was no analog phone plugged into the router - there was none
Changed the Draytel SIP password and entered the new one in the router
Changed the router admin password
Disabled indexes 49 and 50.
This was done on the 20th Jan
HOWEVER, from the attached screenshot, (not attached here, but it shows loads of calls being made to dodgy countries from x901, both before and after the changes I have outlined here) outgoing calls are still being made from 901, which is disabled in the extension settings on index 50 (ie analog phone) and has been since the morning of Jan 20th. The call failures are possibly due to there being no credit on the account, on my advice, until this is sorted.
How on earth can this be happening? There seems to be a backdoor thing going on here. I am a little peeved that Draytel informed us all that they had not had any actual incidences of this in their advisory email, when I had already reported this to them.
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
Less
More
- Posts: 1139
- Thank you received: 0
26 Jan 2011 10:46 #65866
by voodle
Replied by voodle on topic Fruadulent calls being made through a 2820IPPBX
Is that with 3.5.5 or 3.5.5.1? If it's with the latter, do you have registration over the WAN disabled?
Please Log in or Create an account to join the conversation.
- orangehand
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
26 Jan 2011 10:48 #65867
by orangehand
Replied by orangehand on topic The firmware is 3.5.5_232201
see subject!
Please Log in or Create an account to join the conversation.
- voodle
- Offline
- Big Contributor
Less
More
- Posts: 1139
- Thank you received: 0
26 Jan 2011 21:15 #65883
by voodle
Replied by voodle on topic Fruadulent calls being made through a 2820IPPBX
I see, yeah you should update to the 3.5.5.1 firmware, which you can get here:
ftp://ftp.draytek.com/VigorIPPBX%202820/Firmware/V3.5.5.1/AnnexA/IPPBX2820V3.5.5.1A232201.zip
That's got an option under IPPBX > PBX System > SIP Proxy settings to disable registration from the WAN - if you've only got local extensions then try that and see if it helps.
That's got an option under IPPBX > PBX System > SIP Proxy settings to disable registration from the WAN - if you've only got local extensions then try that and see if it helps.
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
26 Jan 2011 23:58 #65890
by admin
Assuming you're quoting accurately, presumably they sent or wrote their email BEFORE you reported your problem, in which case, that's quite unfair!
Forum Administrator
Replied by admin on topic Re: Fruadulent calls being made through a 2820IPPBX
not had any actual incidences of this in their advisory email, when I had already reported this to them.orangehand wrote:
Assuming you're quoting accurately, presumably they sent or wrote their email BEFORE you reported your problem, in which case, that's quite unfair!
Forum Administrator
Please Log in or Create an account to join the conversation.
- orangehand
- Topic Author
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
27 Jan 2011 12:40 #65903
by orangehand
If so I apologise, but I sent my email to them before I received the advisory from them. Am happy to accept that they may well have crossed in the post!
Mea Culpa.
Replied by orangehand on topic Re: Fruadulent calls being made through a 2820IPPBX
admin wrote:
not had any actual incidences of this in their advisory email, when I had already reported this to them.orangehand wrote:
Assuming you're quoting accurately, presumably they sent or wrote their email BEFORE you reported your problem, in which case, that's quite unfair!
If so I apologise, but I sent my email to them before I received the advisory from them. Am happy to accept that they may well have crossed in the post!
Mea Culpa.
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek