One of the SIP accounts I have registered as a trunk here got hacked and someone burnt up all my call credit on that account. I contacted that provider and they said that "the firewall on your asterisk box is not configured correctly."
They have suspended my account until this is cleared up, so at least no further charges can be racked up.
None of the calls show up in my call monitor here, so what actually happened, and how do we prevent this from happening again?
|Thank you for contacting us, the fraudulent activity you are describing is due to the Asterisk box on your account not having been installed correctly.
As an instant security measure we have suspended the SIP accounts to prevent any further outgoing calls on the account which may have a negative monetary affect.
Please make sure that the firewall being used on your device is up to date and fully secure and that your device cannot be accessed by any public or third parties.
Our recommended firewall settings are as follows:
1. Allow all traffic from and to IP range of XX.YY.ZZ.0/24 (Whole Subnet).
2. Make sure SIP ALG is disabled.
3. UDP - Alive time out needs to be set to 200 seconds
Once this is completed, you need to change all of your SIP usernames and SIP passwords as these details have been compromised.