Obi508 Hacked


sp508:
Thanks VERY much for trying to help.

Using Verizon FiOS Router/Modem M1424WR. There is limited port forwarding; see below with explanation.

Obi is not in DMZ
Not sure what you mean by signal path between Obi and ISP.

The wiring is OBi to router to Verizon. There are several computers on the system. They were all checked for viruses using AVAST and MalwareBytes. My server is behind Bitdefender.

In the past week I changed all SP passwords, GV password, I reset the router and changed the password. All the passwords were complex passwords.

I just looked at the local call history for the latest breach which occurred at 9AM EST and there were NO entries. Usually there is an indication of a call.

Is it possible my hacker is part of a 'TRUSTED' group?? I don't have any that I know of.

==================================
Router settings explanation:
100 - website
107 and ISY for controlling lights, Teredo (don't know what that is, it seems to come automatically I think having to do with IPv6)
localhost
127.0.0.1   Verizon FiOS Service
Tcp Any -> 4567   All Broadband Devices   Active   
   192.168.1.100
Destination Ports 8002
TCP Any -> 8002
UDP Any -> 8002   All Broadband Devices   Active   
   
   192.168.1.7
Destination Ports 1031
TCP Any -> 1031
UDP Any -> 1031   All Broadband Devices   Active   
   
   192.168.1.100:60301
Skype UDP at 192.168.1.100:60301 (3352)
UDP Any -> 60301   All Broadband Devices   Active   
   
   192.168.1.100:60301
Skype TCP at 192.168.1.100:60301 (3352)
TCP Any -> 60301   All Broadband Devices   Active   
   
   192.168.1.100:57179
Teredo
UDP Any -> 57179   All Broadband Devices   Active   
   
   192.168.1.181:62294
Teredo
UDP Any -> 62294   All Broadband Devices   Active   

sp508:
I did this. I reset the OBi, went off site and used a computer that didn't belong to me. I started from scratch with a new OBiTalk account and ALSO put the OBi behind its own router. The hacker still got in. I think that points to a weakness in the OBi, not a keystroke logger, correct?

Quote from: LTN1 on March 07, 2016, 07:33:07 am

Just wondering if there is malware on the OP's computers so that every stroke or change made is readable by the hacker? If that is the case, changing to the most complex password will not help if a hacker is able to determine what exactly is being typed.

I would try (this is just brainstorming) to use a completely different laptop to change all the passwords (to a complex one at that) and see if that will prevent any hack.

I would also do a malware scan of all camp related computers and laptops...including personal devices used in the past to make the changes.

One should not rule out an internal hack or at least someone having access to that person.

sp508:
If someone was following my keystrokes, why would they need to call in a bunch of times? Doesn't make sense.

Somehow they are getting into the OBi.

Is it possible that if I avoid using SP1 which is what they keep on going after, they won't be able to get in again because I have hardened the OBi??

Taoman:
The 508 apparently supports 9 VoIP accounts. Are all 9 being used for separate PhonePower lines? If not, how are they configured? The configuration changes you made should have stopped them. This makes me think they are using another route to get to your OBi.

What is the purpose of your "server?" Who all has access to it? How do they access it?

sp508:
I have 7 PhonePower accounts and one GV. The OBI508 has 8 ports but 9 SPs. I just deleted SP1 because of the problem and inserted SP9 in its place. Last time I deleted SP1 he then needed to call in to re-hack my system.

Just now, when the hack was taking place, I was on a call on line 2 (SP1). I noticed that the light on line 1 (SP1) was on even though no phone calls came in.

My phone system is an old Panasonic 1232 with 12 CO lines and multiple extensions. I can therefore see which lines are being used. BUT if he 'called' into line 1 internally, why would the indicator on my PBX show that light as being on???

The server is for camper registration. It is SSL.

Are you worried about the 'Teredo'?
