Text only | Text with Images

OBiTALK Community

General Support => Day-to-Day Use => Topic started by: sp508 on February 18, 2016, 06:41:09 AM

Title: Obi508 Hacked Any Ideas
Post by: sp508 on February 18, 2016, 06:41:09 AM
My Obi508 was hacked and someone is forwarding calls to Cuba. PhonePower (my provider) is billing me for these calls.

When I reboot the Obi the problem goes away. Them several hours later the problem reoccurs. Can you please help me troubleshoot the problem.

Insights:
- They must have some sort of virus internal to my network because whenever I reboot the ObiTalk setting take effect and whatever they have done is erased. So there is some internal programming done to the Obi device to forward the calls to Cuba.

- I did Avast full scans (network, virus, outdated software, etc) with no virus showing up.

- I tried changing the administrative password on the Obi (by going into the Obi via its local IP address. But after changing the password, it resets to admin/admin.
Does anyone have any ideas???
Title: Re: Obi508 Hacked Any Ideas
Post by: azrobert on February 18, 2016, 07:18:36 AM
If you use the local interface to configure your OBi you must disable OBiTalk auto provisioning, otherwise OBiTalk will overlay any changes you make.

System Management -> Auto Provisioning
Under OBiTalk Provisioning
Method: Disabled

Now change the password.
While you're at it, disable ITSP Provisioning.

Do you see these calls in the Call History?
Click Status then Call history.
Title: Re: Obi508 Hacked Any Ideas
Post by: azrobert on February 18, 2016, 07:45:41 AM
If your analysis is correct, after a reboot OBiTalk might be overlaying the hacked configuration, so maybe you should leave OBiTalk provisioning method to Periodically and change the Admin password from OBiTalk.

From the Dashboard click the gear icon next to the OBi508 then change the Webpage Admin Password and Save.
Title: Re: Obi508 Hacked Any Ideas
Post by: sp508 on February 18, 2016, 09:11:18 AM
Thank you so much for your help. My delay in responding is because they also hacked into my house's Insteaon ISY control (which also had an user/password as admin/admin).

Back to my obi: After I discovered that they forwarded my calls to Cuba I rebooted my Obi and things went back to normal (until they did it again). This happened multiple times. Doesn't that tell me that the ObiTalk setting were not hacked. Doesn't it tell me that they were making changes locally?

I tried your suggestions and the device now is not resetting my password user/password to admin/admin

I am not understanding how this works:
1. I assume it is possible to change the password via ObiTalk? But each time is seems to reset back to admin/admin
2. If I disable provisioning, I assume that will not be able to use ObiTalk to do my programming? If that is true it is a problem for me because I don't know how to do expert programming (and prefer not to learn).
Title: Re: Obi508 Hacked Any Ideas
Post by: azrobert on February 18, 2016, 12:31:04 PM
You won't be able to configure the OBi508 from OBiTalk with ObiTalk Provisioning disabled. Did you see my 2nd post? Did you check the Call History for these calls?
Text only | Text with Images