What is annoying most of the calls were made on a 2nd Sipgate trunk (On the same account) which I do not use & does NOT have a number assigned. I hope with 10-36 changed & no ports open should be secure & guess as not many mentioned on here the NEC generally OK.
Still surprised just in just 1 night they found the open port on the pbx & got past the password, time to open 10-36 the authentication pw (also hidden).
#Nec pc pro sl1100 code
I think can assume they can get past those hidden PW's in the config & but surprised at the ease can access the pbx at all with a different login, to be honest only had a 4 digit code (though random - was still "tech" user!!), guess a brute force attack would take seconds if the system allows rapid incorrect attempts.
#Nec pc pro sl1100 password
I guess hackers are pretty good at what they do but I could not see the admin password on 90-02, only the Dots have to re-type over. I do not have any port forwarding as seems to work without & thought if not set up is more secure without PF. If used the pbx again my concern is how do they get past firewall & NAT. What I am trying to work out is what happened & how can I stop it.ĭid they just steal the credentials and use elsewhere or perhaps that night try & fail but keep the login info.Ģnd night use on a different system or access the pbx again. In a matter of seconds I think a few thousand calls, how does that work! this time hundreds of low value calls to Egypt & other places, even locally to the UK 0116-4400011, so guess not picked up by sipgate. Was going to lock once got working or knew not helping.Ĭlosed port, change SL1100 log in PW but NOT the profile sipgate PW credentials!! Actually, stupidly did not worry as this router does not have SIP ALG and I CANNOT call out anyway so figured OK. I realised I have been testing a new router and left the IP port fully open just that 1 night. I use PC Pro but web is enabled, I will look into see if can turn this off. I was actually locked out of the pbx (unless in my panic somehow got the pw wrong but 99% sure did not) Sipgate Trunk but don't think their fault but not 100% sureįirst night got email from sipgate - call blocked to high value overseas.
Got hacked the last 2 nights & lost £91 (thankfully no more, my account top's up & stopped after 3 quick £20's, not sure why but pleased)