Member Facilities block access on 3 failed password attempts

ndc
Posts: 4
Joined: Sun May 24, 2009 2:08 pm
Location: Melbourne

Member Facilities block access on 3 failed password attempts

Post by ndc » Sat Dec 10, 2011 11:59 am

My VoIP account was recently compromised. The password on my VoIP service was a generated password and was unlikely to be brute forced. However, the password to the Exetel Members Facilities portal was not as strong.

I suspect that the unauthorised user gained access to the Member Facilities portal by brute forcing this password. Once they gained access to the portal, they were able to obtain the VoIP service's password as well as update the service's configuration to forward incoming calls to their number.

The fact that my service's configuration was updated to forward incoming calls supports my theory that the Member Facilities password was brute forced - rather than a compromise in my VoIP setup, routers, network, etc. My outbound call logs also support this theory as none of the unauthorised calls appear in the logs.

Can a "block account on 3 failed password attempts" rule be enforced on the Members Facilities portal login?

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Member Facilities block access on 3 failed password atte

Post by Dazzled » Sat Dec 10, 2011 1:32 pm

That's a question I'll leave for SysAdmin when he comes by. But have you also disabled external access to your modem? Never allow external access without an extremely strong non-default login name and password.

The reason is that it is trivial to locate always listening VoIP services (look up SIPVicious for example). Your modem log won't report something that emulates valid traffic. Next an attempt can be made to enter on the telnet or tftp management interfaces if they are found open to outside your network. Most modem passwords are default, and even if the browser interface doesn't show the VoIP password, the config files certainly do. Soon afterwards someone overseas is using your account - it gets in the news from time to time, eg http://www.zdnet.com.au/wa-police-chase ... 313074.htm. The international call barring that Exetel now activates by default is to limit the usefulness of stolen data to those who would use your Exetel account for non-Australian calls.

ndc
Posts: 4
Joined: Sun May 24, 2009 2:08 pm
Location: Melbourne

Re: Member Facilities block access on 3 failed password atte

Post by ndc » Sun Dec 11, 2011 1:04 pm

I don't have external access enabled on my router.

Are there access logs for the Members Facilities portal which can be viewed to see if there was any suspicious activity? I'd be interested in the logs for the days leading up to 10 Dec 2011.
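
The kind of log review asked about above, as an added example that is not part of the thread and not Exetel's code: it flags a successful portal login that follows 3 or more failed attempts on the same account, and lists settings changes made afterwards from that address. The log layout, event names, account names and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "time ip account event detail" layout is an assumption.
SAMPLE_LOG = """\
2011-12-08T09:14:02 198.51.100.7 member1 LOGIN_OK -
2011-12-09T02:10:11 203.0.113.50 member1 LOGIN_FAIL -
2011-12-09T02:10:14 203.0.113.50 member1 LOGIN_FAIL -
2011-12-09T02:10:19 203.0.113.50 member1 LOGIN_FAIL -
2011-12-09T02:10:25 203.0.113.50 member1 LOGIN_FAIL -
2011-12-09T02:10:31 203.0.113.50 member1 LOGIN_OK -
2011-12-09T02:12:40 203.0.113.50 member1 CONFIG_CHANGE voip_call_forward
2011-12-09T18:30:00 198.51.100.7 member2 LOGIN_FAIL -
2011-12-09T18:30:20 198.51.100.7 member2 LOGIN_OK -
"""

def parse(line):
    ts, ip, account, event, detail = line.split()
    return datetime.fromisoformat(ts), ip, account, event, detail

def review(log_text, threshold=3, window=timedelta(minutes=10)):
    """Flag logins that follow >= threshold failures on the same account inside
    the window, plus any settings changes made afterwards from that address."""
    fails = defaultdict(deque)   # account -> recent failed logins, from any address
    flagged = {}                 # (account, ip) -> finding for a suspect login
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, ip, account, event, detail = parse(line)
        recent = fails[account]
        while recent and ts - recent[0] > window:
            recent.popleft()     # forget failures older than the window
        if event == "LOGIN_FAIL":
            recent.append(ts)
        elif event == "LOGIN_OK":
            if len(recent) >= threshold:
                finding = {"account": account, "ip": ip, "login": ts,
                           "failures": len(recent), "changes": []}
                findings.append(finding)
                flagged[(account, ip)] = finding
            else:
                flagged.pop((account, ip), None)
            recent.clear()       # a successful login resets the counter
        elif event == "CONFIG_CHANGE" and (account, ip) in flagged:
            flagged[(account, ip)]["changes"].append(detail)
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f)
```

Failures are counted per account rather than per source address, so guesses spread across several addresses still add up to one finding.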

raymond
Exetel Staff
Posts: 345
Joined: Thu Mar 04, 2004 2:46 pm

Re: Member Facilities block access on 3 failed password atte

Post by raymond » Mon Dec 12, 2011 9:52 am

Please email your account details to raymondl@exetel.com.au. We will help you on the investigation.
