Unauthorized international calls from my GV account
Taz1004:
Below is from the InboundCallRoute
{(290906050|290936145)>(xx.):SP1},{(290906050|290936145):aa},{ph}
And looking at GV call history, it seems these calls started 6 days ago to Great Britain. I didn't notice it as it was 5 calls back then. Then it started to spam today and made me look into it when I got email from Google that my account is recharged.
RonR:
That InboundCallRoute should only be sending calls from OBiTALK numbers 290906050 and 290936145 to SP1. Calls coming from any other (or an anonymous) OBiTALK caller should be going to the PHONE Port.
You need to bring this to Obihai's attention as it appears there's a bug in the OBi firmware or someone has found a weakness in it to exploit.
Please report back what you find.
Taz1004:
I will do that. Thank you for your help.
Taz1004:
Support wasn't much help. They just told me to turn off OBiApp on my PC and observe. So that's what I did and although it's only been 2 days, calls didn't occur since. But I've turned it back on yesterday and still no international calls so I'm not sure if that was the fix or it just stopped by itself. Maybe I'll just have to observe for longer.
I thought maybe it was because my son was using torrents and he set it to use random ports. And maybe it chose the SIP port and that was dialing the numbers. But thing is that his internet access is restricted to 7pm~9pm in the router. And some of these calls happened at 4pm. And that his torrent was set to use specific port.
I can't recharge my GV account with this kind of uncertainty. Especially when I can't even get the funds reimbursed by either OBiHAI or Google.
RonR:
OBiAPP for PC is basically a SIP server running on your PC. It acts as a SIP-to-OBiTALK bridge, connecting SIP clients to your particular OBi. No password is used for authentication of SIP registrations. The only credential required is your OBiAPP for PC OBiTALK number. Consequently, if port 5060 can reach your PC from the Internet (due to forwarding, DMZ, no router, whatever), anyone who figures out your OBiAPP for PC OBiTALK number can register their SIP client and make calls using your OBi.
Navigation
[0] Message Index
[#] Next page
[*] Previous page