Trixbox making unauthorised calls

Help! Stay with me please... I know lots about Microsoft systems but nothing about Linux or PBX systems.
However, one of my customers has just dumped a Trixbox CE machine on me with a request to find out what's wrong.

The machine in question is a Dell server running Trixbox CE 2.6.18-1.11.4-18e
It's used as a PBX in a cinema. There is no broadband connection - it has one external phone line, and four internal extensions.
It's been running without supervision for years. In the last few weeks it's suddenly racked up well over £2500 in overseas calls.
It's clear that the machine has been hacked.
Question is, how, considering there's no broadband connection, just the phone line?
What do I do to stop the problem?
And where can I look to gather evidence of what's happened?

Apologies for asking what are clearly newbie questions. I wouldn't normally tackle something so out of my range, but the customer more or less dumped this one on me in despair.



Re: Trixbox making unauthorised calls

There are two possible points of entry that spring to mind.

1) Hackers could have gained access over the network or internet connection.
You mention that the PBX isn't connected to the internet, however it's predominantly a VoIP PBX, so I would imagine it's connected to a network to allow VoIP phones to use the PBX. It may be an incorrectly configured firewall is allowing people to access your PBX's configuration and/or SIP port.

2) Someone has gained access to a DISA.
A DISA allows people to call in to a number, hear a dial tone, and then dial out of the PBX. I believe other services can also be abused if incorrectly configured. I would advise checking through the DISAs and other features and disabling those that are not needed, and password protecting any externally accessible features that you require.

Additional PBX security advice
Running your own PBX can be dangerous, as people with incorrectly configured PBXs can become a victim of toll fraud, as you have discovered. This threat can be minimised by using good security methods.

a) Upgrade to freePBX.
freePBX is a fork of Trixbox. It is very similar in use to Trixbox, although it is more up to date, and has more features. These include security features that prevent you from using short passwords, and can also help to prevent hackers from brute forcing extension passwords, by blocking multiple failed password attempts.

b) Lock down firewall.
No external access from the internet should be allowed to reach your PBX. All ports should be closed, including 22, 80, 443 and 5060-5070. In situations where you have phones on other sites, or need to access the PBX remotely, a VPN or SSH tunnel should be utilised so only authorised users / sites can access the PBX.

c) Use dial plans to prevent expensive and international calls.
Asterisk based PBXs such as Trixbox and freePBX have powerful dial plan rules, which allow you to block certain number prefixes such as 00 (international) and 09 (premium rate). If someone manages to register a VoIP phone to your PBX, but doesn't have access to the configuration, they would be unable to call international or premium rate numbers.

d) Switch to Voipfone
Not only is Voipfone likely to work out cheaper than your current PSTN service, they also keep an eye out for unusual calling patterns, which means situations like these are noticed quicker and can be resolved before a huge bill is racked up. (It's still your responsibility to secure your PBX and pay for any fraudulent calls, but Voipfone will usually make you aware of any security breaches before it's too late.)

Alternatively you could use their 100% hosted solution, so you no longer have to worry about the administration and security of your own PBX.

I hope this helps.
For everything VoIP
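
An audit of the PBX's call detail records for the 00 and 09 prefixes named in (c), as an added example that is not part of the original reply. It assumes Asterisk's default `cdr_csv` column order and log path (`/var/log/asterisk/cdr-csv/Master.csv`); the sample records and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Default column order of Asterisk's cdr_csv backend (assumed unmodified).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags", "uniqueid"]

# Prefixes named in the reply: 00 (international) and 09 (premium rate).
BLOCKED_PREFIXES = ("00", "09")

# Constructed sample records, not taken from any real system.
SAMPLE_CDR = '''\
"","201","202","from-internal","201","SIP/201-0a01","SIP/202-0a02","Dial","SIP/202","2017-03-04 18:02:11","2017-03-04 18:02:15","2017-03-04 18:03:40",89,85,"ANSWERED","DOCUMENTATION","1488650531.1"
"","204","0099900000001","from-internal","204","SIP/204-0b01","Zap/1-1","Dial","Zap/1/0099900000001","2017-03-05 02:14:03","2017-03-05 02:14:20","2017-03-05 02:44:00",1797,1780,"ANSWERED","DOCUMENTATION","1488680043.2"
"","204","0099900000002","from-internal","204","SIP/204-0b02","Zap/1-1","Dial","Zap/1/0099900000002","2017-03-05 02:50:10","2017-03-05 02:50:30","2017-03-05 03:30:30",2420,2400,"ANSWERED","DOCUMENTATION","1488682210.3"
"","203","09000000000","from-internal","203","SIP/203-0c01","Zap/1-1","Dial","Zap/1/09000000000","2017-03-05 10:00:00","","2017-03-05 10:00:20",20,0,"NO ANSWER","DOCUMENTATION","1488708000.4"
"","201","09000000001","from-internal","201","SIP/201-0a03","Zap/1-1","Dial","Zap/1/09000000001","2017-03-05 11:00:00","2017-03-05 11:00:05","2017-03-05 11:01:05",65,60,"ANSWERED","DOCUMENTATION","1488711600.5"
'''

def suspicious_calls(cdr_file):
    """Yield billed calls whose dialled number starts with a blocked prefix."""
    for row in csv.DictReader(cdr_file, fieldnames=FIELDS):
        if row["dst"].startswith(BLOCKED_PREFIXES) and int(row["billsec"]) > 0:
            yield row

def summarise(rows):
    """Return {origin: (call count, billed seconds)} per originating channel."""
    totals = defaultdict(lambda: [0, 0])
    for row in rows:
        # "SIP/204-0b01" -> "SIP/204": the peer or port that placed the call.
        origin = row["channel"].rsplit("-", 1)[0]
        totals[origin][0] += 1
        totals[origin][1] += int(row["billsec"])
    return {origin: tuple(t) for origin, t in totals.items()}

def audit(cdr_text):
    """Summarise blocked-prefix calls found in CDR text."""
    return summarise(suspicious_calls(io.StringIO(cdr_text)))

if __name__ == "__main__":
    # On the PBX, read the Master.csv file instead of SAMPLE_CDR.
    for origin, (calls, secs) in audit(SAMPLE_CDR).items():
        print(f"{origin}: {calls} calls, {secs // 60} min billed")
```

The originating channel and the `start` timestamps of the flagged rows show which extension or port the calls were placed through and when, which is the evidence to preserve before changing any configuration.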
