Business Phone Systems

Previous Thread
Next Thread
Print Thread
Rate Thread
#612150 08/23/17 06:14 PM
Joined: Feb 2010
Posts: 444
Member
OP Offline
Member
Joined: Feb 2010
Posts: 444
A lot of customers are getting hacked
Does anyone know how they are doing it
We usually just shut down international dialing
Change passwords
Its always Comcast

It would be nice to know the procedure
Someone mentioned the MC feature thu voice mail

Just wondering

Thanks

JD

Atcom VoIP Demo
VoIP Demo
Joined: Dec 2006
Posts: 83
Member
Offline
Member
Joined: Dec 2006
Posts: 83
Hacking of the SV9100
ID# 11514 | Published 4/10/2015 9:59:18 AM | Updated 4/13/2015 7:37:45 AM
Products: SV9100 Categories: PCPro, Programming Tools, Applications, WebPro, Business, Features

What can be done to protect the SV9100 from hacking?
Like other customer sensitive network equipment, the SV9100 should be placed behind a network firewall and all relative ports should be blocked from outside access. To ensure security, port 80 (HTTP) for the WebPro port, port 8000 for the PCPro port should all be secured from outside Internet access.

Along with the above network firewall protection, all user names and passwords should be set to the maximum allowed entries in PRG 90-02. User Names can be set for up to 10 uppercase, lowercase and special alphanumeric characters. Passwords can be set for up to 8 digits using only digits 0-9, * and #. Note: Unlike the User Name, all special characters cannot be used in the password. Only * and # are allowed. Avoid sequential numbers and mix in as many combinations of the allowed digits as possible. An example of usernames and passwords would be:

Username: TeSt96%K#*

Password: *538#*49

When changing the username and passwords, the changes should be documented and stored by the Associate. These changes should also be provided to the customer for safe storage.

If ports are going to be forwarded in the router for Remote Maintenance, then NEC recommends changing the default well known port numbers of WebPro and PCPro in programs 90-54-01 and 90-54-02.

In addition to changing the port numbers and system passwords as described above, if port forwarding of WebPro's port will be used (Not recommended) then you should also go to program 90-28 and change each extension password for User Pro; for the extensions that need access to User Pro; or delete the passwords for extensions that do not need access to User Pro so that it may not be accessed. This will prevent hackers from being able to make changes to individual extensions such as Call Forwarding.

Joined: Dec 2008
Posts: 221
Member
Online Content
Member
Joined: Dec 2008
Posts: 221
I have seen this on Sv8100 not Sv9100 due to the fact that mailboxes 1-64 are created at default. Hackers hack a mailbox, setup notification to an international number, call back in and leave a message in the mailbox. When the notified number gets the message left while listening they request a callback to the original sender. We have deleted all unused mailboxes. It is imperative that the end users set up a password. This happened on Christmas day and Time Warner fraud notified the customer. After a lot of investigation it happened on a actual user who did not setup a password. Hope that helps.

Joined: Sep 2004
Posts: 4,128
Likes: 1
Member
*****
Offline
Member
*****
Joined: Sep 2004
Posts: 4,128
Likes: 1
You should be removing all extra numbers from the system and deactivating mailboxes when you first program a system. Frankly they should come with NOTHING programmed IMHO save service codes.



Moderated by  ttech 

Link Copied to Clipboard
Forum Statistics
Forums84
Topics93,835
Posts636,794
Members49,652
Most Online5,661
May 23rd, 2018
Popular Topics(Views)
Today's Birthdays
ArmorSecSys, ILSMitel, IPMoni, Pweber462
Newest Members
machinegod, Gtownpaper, Lazlo, devben, bubblegum
49,651 Registered Users
Top Posters(30 Days)
ramo 13
pvj 11
Toner 9
Who's Online Now
4 members (erniejoey, Curlycord, dagwoodsystems, Marjan Shaw), 121 guests, and 20 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: Business Phone Systems | Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers.
©Copyright Sundance Communications 1998-2023
Powered by UBB.threads™ PHP Forum Software 7.7.5