Obi508 Hacked


sp508:
Someone is hacking into my Obi by calling continuously on one of the lines. They somehow break in and then seem to be able, at will, to change the local Obi settings. They enable CallForwardUnconditionalEnable on 4 of the SPs to a Cuban number. When people call they are forwarded automatically. We don't receive the calls. We have obviously disabled international calls on PhonePower (our SP) but then they get a message 'international calls are not allowed'.

When we reboot the Obi, the OBiTalk settings bring things back to normal.

They re-enable the 'Cuban' settings by calling the OBi directly (seemingly bypassing the Service Provider) and somehow changing the settings.

I have tried many, many solutions without success (disabling Auto Provisioning, taking OBiTalk offline, resetting the OBi and starting from scratch, programming from offsite to make sure that there is no virus in my system, setting up an additional router in front of the Obi). All to no avail.

When I look at the call history I see the following was done right before the settings are changed to Cuban mode:

21:34:09   From SP5()   To PH5
21:34:09      Ringing
21:34:34      Call Connected
21:35:35   Call Ended   



Any help, please, please.

Taoman:
Have never seen or configured a 50x series device so this is a guess.

Since you are using PhonePower this may be helpful if your configuration has an X_AccessList setting.

http://www.phonepower.com/wiki/Obihai_Lite#Disable_Direct_IP_Dialing

You might also look for the following setting (if you have it) under your Voice Service settings:

X_AcceptSipFromRegistrarOnly (if you find this setting, check the box and save your settings)
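
As an added example (not part of the original posts, and not Obihai or PhonePower code), here is one way to check a packet-capture summary for the direct-to-device calls described in this thread: SIP INVITEs that reach the device from an address other than the provider's servers. The log format, the addresses (documentation ranges), the ports and the function names are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks the provider's SIP servers use. These are placeholders
# from the RFC 5737 documentation ranges, not PhonePower's real addresses.
REGISTRAR_NETS = [ipaddress.ip_network(n)
                  for n in ("198.51.100.0/28", "203.0.113.10/32")]

# Constructed sample: "<time> <src ip>:<port> -> <dst ip>:<port> <request line>"
SAMPLE_CAPTURE = """\
21:30:02 198.51.100.5:5060 -> 192.0.2.20:5060 INVITE sip:15550100@192.0.2.20 SIP/2.0
21:33:41 203.0.113.77:5071 -> 192.0.2.20:5064 INVITE sip:1000@192.0.2.20 SIP/2.0
21:34:09 203.0.113.77:5071 -> 192.0.2.20:5064 INVITE sip:1000@192.0.2.20 SIP/2.0
21:36:12 198.51.100.5:5060 -> 192.0.2.20:5060 OPTIONS sip:192.0.2.20 SIP/2.0
21:40:55 not a sip line
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<src>[0-9.]+):\d+ -> "
    r"(?P<dst>[0-9.]+):(?P<dport>\d+) (?P<method>[A-Z]+) sip:"
)

def from_registrar(src):
    """True if src falls inside one of the allowed registrar networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in REGISTRAR_NETS)

def direct_ip_invites(capture):
    """Return (time, src, local port) for INVITEs not sent by the registrar."""
    hits = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "INVITE":
            continue  # skip unparseable lines and non-call requests
        try:
            if from_registrar(m["src"]):
                continue
        except ValueError:
            continue  # malformed source address, e.g. 999.1.1.1
        hits.append((m["time"], m["src"], int(m["dport"])))
    return hits

def repeat_callers(hits):
    """Count flagged INVITEs per source so repeated attempts stand out."""
    return Counter(src for _, src, _ in hits)

if __name__ == "__main__":
    for t, src, port in direct_ip_invites(SAMPLE_CAPTURE):
        print(f"{t} INVITE from non-registrar {src} on local port {port}")
```
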

sp508:
Thank you so much!! I have been literally struggling with this for two weeks. Phones would be effectively disabled because they were auto forwarded. Unfortunately OBi tech support had really NOT been helpful with this.

I implemented both of your suggestions and hope it will work. It seems right.

Do you have any idea of how they get into the OBi in the first place?

It is a weird thing, the hacker calls again and again on several lines. We are Sabbath observers and will not pick up the phone on Saturday.

I have seen my home alarm central station do this. When they want to program our system they will tell us that they will be calling rapid fire several times in a row and that we should not pick up the phone. They somehow get into the alarm control so that they can program. It seems like there is some sort of weak spot in the Obi where if the hacker knows your phone number and knows that you have an OBi, he can get into your system.

SteveInWA:
Quote from: sp508 on March 06, 2016, 08:22:14 pm

Thank you so much!! I have been literally struggling with this for two weeks. Phones would be effectively disabled because they were auto forwarded. Unfortunately OBi tech support had really NOT been helpful with this.

I implemented both of your suggestions and hope it will work. It seems right.

Do you have any idea of how they get into the OBi in the first place?

It is a weird thing, the hacker calls again and again on several lines. We are Sabbath observers and will not pick up the phone on Saturday.

I have seen my home alarm central station do this. When they want to program our system they will tell us that they will be calling rapid fire several times in a row and that we should not pick up the phone. They somehow get into the alarm control so that they can program. It seems like there is some sort of weak spot in the Obi where if the hacker knows your phone number and knows that you have an OBi, he can get into your system.


While you're "hardening" your OBi, you should also change its admin password (the default is "admin"!), to a nice long random string of characters.

As for the alarm system, no, that access method wouldn't apply to the OBi.  The alarm system's firmware listens for and counts rings on inbound calls.  Depending on the manufacturer and service provider, the alarm system is programmed to answer the phone after a certain sequence of rings (e.g. one ring and hang up, then another ring within x seconds).  When it recognizes that pattern, it answers the call, which enables it to communicate with the central station or service provider via the alarm system protocol.

SteveInWA:
Quote from: SteveInWA on March 06, 2016, 09:53:55 pm

While you're "hardening" your OBi, you should also change its admin password (the default is "admin"!), to a nice long random string of characters.

As for the alarm system, no, that access method wouldn't apply to the OBi.  The alarm system's firmware listens for and counts rings on inbound calls.  Depending on the manufacturer and service provider, the alarm system is programmed to answer the phone after a certain sequence of rings (e.g. one ring and hang up, then another ring within x seconds).  When it recognizes that pattern, it answers the call, which enables it to communicate with the central station or service provider via the alarm system protocol.


And, change your OBiTALK account password.  If you are logging into OBiTALK using a Google Voice account via OAUTH, then there are further steps to take to harden access.
