atcomsystems.ca/forum
Posted By: doghart Hacked elitemails - 10/29/07 08:29 PM
Well, over the weekend I had 3 different elitemails get hacked for outbound LD calls on several mailboxes on each system.

I see this once or twice a year, but 3 in one weekend, wow!

Seems they've figured out the default password on the new elitemail systems now too. I've been using the same default on the LX's, so I can use the same training docs, but I think it's time to come up with something unique for my customers.

I'm deleting all unused vm boxes and turning off trunk-trunk on these vm's, anything else I should do as a precaution?

I still have mgr access on all 3 vm's.

D
Posted By: R4+Z Re: Hacked elitemails - 10/29/07 11:44 PM
Instill in the users the need to not use their extension number as the password.
Posted By: Keighlar Re: Hacked elitemails - 10/30/07 04:58 AM
Can you add toll restriction to your voicemail ports on this voicemail? The intramail allows you to change these settings which is something I do for all my customers.
Posted By: doghart Re: Hacked elitemails - 10/30/07 06:32 AM
Toll restriction is an excellent idea.

They do use the VM to do offsite xfers out of state, but not overseas. All of the calls were to India.

They had accessed a mailbox that was unused and went through the setup procedure and set the xfer to = '9'.

I deleted all unused mailboxes and set SC's on all that did not have them. Lucky that I always set an admin password; I have seen them change the password on the main admin so you can't access the vm to lock them out. Crafty devils!

D
Posted By: smoom Re: Hacked elitemails - 10/30/07 09:57 AM
Wow 3 in one weekend, I had a hospital that got taken for $4500 in long distance calls before anyone noticed on a 40 port AD40. I have mandated in my company that all voicemail systems get toll restriction for the voicemail ports and change the default security code on every system. At least on the newer LX's they can not mess with the $ log on.
Posted By: telephoneguy Re: Hacked elitemails - 10/30/07 10:47 AM
There's a setting in the elite that prevents voicemail from accessing an outside line. If you do not have notification to pagers or cell phones, set this setting to deny out-dialing from voicemail.
Posted By: telephoneguy Re: Hacked elitemails - 10/30/07 10:56 AM
Also, PageDown through the mailboxes and scan for "transfer" set 9, or 9011, etc., and for notifications set to 9011632xxxxxxxx (a pager in the Philippines).

This will also let you note which mailboxes have no security code (SC appears on mailboxes with security codes). Report these mailboxes to the customer contact and "strongly advise" enforcing a password policy.
Posted By: IPKII Re: Hacked elitemails - 11/03/07 04:54 AM
By default the new Elitemail has remote access to notification settings turned off. I always inform my customers about the danger of "hackers" & to use good security codes & don't enable any mailboxes that are "un-manned".

We always change the default admin passwords on our systems.
Posted By: paulw Re: Hacked elitemails - 11/04/07 11:53 AM
Yes the LX is not "hackable" as the old DOS one was. I tried the same methods in my lab but they don't work unless you can access via system web admin.
Posted By: David Sobel Re: Hacked elitemails - 12/22/07 06:51 PM
If you do not have it set up on the systems, set up SMDR. It will show what line the call came in on; this call will be at the same time that the call to India was made and be about the same duration. Since they have call ID most likely blocked, you will not see their number. But the phone company will have a record of the call; they will most likely not give it to you, but they will give it to law enforcement folks. The phone company keeps this info almost forever, even if they do not admit it.
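The SMDR correlation described in the post above, as an added example that is not part of the thread: it pairs each international outbound call with any inbound call that began shortly before it and ended at about the same time. The CSV layout, field names, sample records and the two tolerance parameters are constructed assumptions; real SMDR output is vendor-specific.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample. Real SMDR layouts are vendor-specific; adapt parse_smdr().
SAMPLE_SMDR = """start,duration_s,direction,trunk,dialed
2007-10-27 23:14:05,1260,IN,3,
2007-10-27 23:14:40,1215,OUT,5,9011910000000000
2007-10-28 02:10:00,600,OUT,4,9011910000000001
2007-10-28 09:02:10,95,IN,1,
2007-10-28 09:30:00,300,OUT,2,915555550123
"""

INTL_PREFIX = "9011"  # trunk access digit 9 + 011, as in the thread's examples


def parse_smdr(text):
    # Turn each CSV row into a dict with datetime "start" and "end" fields.
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        row["start"] = start
        row["end"] = start + timedelta(seconds=int(row["duration_s"]))
        calls.append(row)
    return calls


def correlate(calls, max_lead_s=120, end_slack_s=60):
    # For every international outbound call, list the inbound calls that
    # started up to max_lead_s before it and ended within end_slack_s of it.
    inbound = [c for c in calls if c["direction"] == "IN"]
    findings = []
    for out in calls:
        if out["direction"] != "OUT" or not out["dialed"].startswith(INTL_PREFIX):
            continue
        matches = [
            i for i in inbound
            if 0 <= (out["start"] - i["start"]).total_seconds() <= max_lead_s
            and abs((out["end"] - i["end"]).total_seconds()) <= end_slack_s
        ]
        findings.append((out, matches))
    return findings


if __name__ == "__main__":
    for out, matches in correlate(parse_smdr(SAMPLE_SMDR)):
        legs = ", ".join(f"trunk {m['trunk']} at {m['start']}" for m in matches)
        print(f"{out['start']} trunk {out['trunk']} -> {out['dialed']}: "
              f"inbound leg: {legs or 'none found'}")
```

An international call with no matching inbound leg is still worth reviewing, since it may have been placed through a notification or from inside the building.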
Posted By: nikola69 Re: Hacked elitemails - 02/05/08 02:59 PM
Folks,
I have been hacked recently on an old DOS VM on the Elite IPK myself. What I finally found that seemed to work perfectly is the "Trunk Outgoing Restriction" settings (4-19). I set each CO as restricted for my VM ports ONLY! Then I tested by setting the transfer setting on a VM box to our outside line dial number and it just sends you to dead air when you access that particular subscriber box. This will NOT work for any situation where VM is required to forward to an outside line but in my particular case this is not required so it seemingly worked like a charm. I'm hoping one of you with much more experience than I can confirm this (Chris, DrPBX?) but it's working for me. However, in the case of a requirement for VM to transfer to an outside number where does one go to set the toll restriction on the old DOS elitemail? As always, thanks to all the mods and helpful posters in the forums. You folks are the best!
Posted By: jrumann59 Re: Hacked elitemails - 02/05/08 05:20 PM
On the Aspire side this is common also. The one thing I tried to do is make sure none of the default greetings were in easily accessible boxes so that "fishers" couldn't easily recognize the default voice in the VM. I know the Aspire has a default modem box and I made it a habit of changing it from default to something pretty obscure. I know the Elites do not have modem boxes, but just a little FYI.