Somebody is exploiting the dial back option of the voicemail system. Check to see if you have the option of calling back the user when listening to a voicemail.
Jimmy

> -----Original Message-----
> From: [email protected]
> Sent: Thu, 16 Sep 2010 12:05:48 -0400
> To: [email protected]
> Subject: [on-asterisk] Hacked?
>
> Can't figure out what is going on here, hoping someone can help. I am
> seeing a few calls go through a remote system and can't figure out how.
>
> Here is the log.
>
> [Sep 16 14:01:01] DEBUG[7549] func_db.c: DB: AMPUSER/3905/vmx/busy/state
> not found in database.
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [...@macro-vm:6] GotoIf("Zap/31-1", "1?s-BUSY|1") in new stack
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Goto (macro-vm,s-BUSY,1)
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: GotoIf
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [s-b...@macro-vm:1] NoOp("Zap/31-1", "BUSY voicemail") in new stack
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: NoOp
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [s-b...@macro-vm:2] Macro("Zap/31-1", "get-vmcontext|3905") in new stack
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [...@macro-get-vmcontext:1] Set("Zap/31-1", "VMCONTEXT=default") in new
> stack
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: Set
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [...@macro-get-vmcontext:2] GotoIf("Zap/31-1", "0?200:300") in new stack
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Goto
> (macro-get-vmcontext,s,300)
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: GotoIf
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [...@macro-get-vmcontext:300] NoOp("Zap/31-1", "") in new stack
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: NoOp
> [Sep 16 14:01:01] DEBUG[7549] app_macro.c: Executed application: Macro
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing
> [s-b...@macro-vm:3] VoiceMail("Zap/31-1", "3...@default|sb") in new stack
> [Sep 16 14:01:01] VERBOSE[7549] logger.c: -- <Zap/31-1> Playing
> '/var/spool/asterisk/voicemail/default/3905/temp' (language 'en')
> [Sep 16 14:01:02] VERBOSE[7549] logger.c: -- <Zap/31-1> Playing
> 'transfer' (language 'en')
> [Sep 16 14:01:03] DEBUG[7549] app_macro.c: Executed application:
> Voicemail
> [Sep 16 14:01:03] VERBOSE[7549] logger.c: -- Executing [...@macro-vm:1]
> BackGround("Zap/31-1", "one-moment-please") in new stack
> [Sep 16 14:01:03] VERBOSE[7549] logger.c: -- <Zap/31-1> Playing
> 'one-moment-please' (language 'en')
> [Sep 16 14:01:03] DEBUG[7549] app_macro.c: Oooh, got something to jump
> out with ('9')!
> [Sep 16 14:01:03] DEBUG[7549] app_macro.c: Oooh, got something to jump
> out with ('9')!
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: == CDR updated on Zap/31-1
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [9141128008719995...@from-internal:1] Macro("Zap/31-1",
> "user-callerid|SKIPTTL|") in new stack
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [...@macro-user-callerid:1] NoOp("Zap/31-1", "user-callerid: ") in new
> stack
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Executed application: Noop
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [...@macro-user-callerid:2] Set("Zap/31-1", "AMPUSER=") in new stack
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Executed application: Set
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [...@macro-user-callerid:3] GotoIf("Zap/31-1", "0?report") in new stack
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Executed application: GotoIf
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [...@macro-user-callerid:4] ExecIf("Zap/31-1", "1|Set|REALCALLERIDNUM=") in
> new stack
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Executed application: ExecIf
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Last app: Set|REALCALLERIDNUM=
> [Sep 16 14:01:21] VERBOSE[7549] logger.c: -- Executing
> [...@macro-user-callerid:5] NoOp("Zap/31-1", "REALCALLERIDNUM is ") in new
> stack
> [Sep 16 14:01:21] DEBUG[7549] app_macro.c: Executed application: Noop
>
> Robert Brock
> Telecom Administrator, MKS Inc., www.mks.com<http://www.mks.com>
> Waterloo, ON, Canada
> Tel: 519-883-3243 or 800-265-2797 x3243
> Fax: 519-884-8861
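The sequence visible in the quoted log (a channel is handed to VoiceMail, a digit jumps out of the macro, and the same channel then executes a long number in from-internal) can be checked for mechanically. The following is an added example, not part of the original thread; the 8-digit threshold, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Verbose dialplan lines in the format of the quoted log:
#   -- Executing [exten@context:prio] App("channel", "args") in new stack
EXEC_RE = re.compile(
    r'Executing \[(?P<exten>[^@\]]+)@(?P<context>[^:\]]+):\d+\]\s+'
    r'(?P<app>\w+)\("(?P<chan>[^"]+)"'
)
MIN_OUTSIDE_DIGITS = 8  # assumption: internal extensions are shorter than this


def find_voicemail_breakouts(lines, dial_context="from-internal"):
    """Return (channel, number) pairs where a channel that was handed to
    VoiceMail() later executes a long numeric extension in dial_context."""
    in_voicemail, findings = set(), []
    for line in lines:
        m = EXEC_RE.search(line)
        if not m:
            continue
        chan, exten = m["chan"], m["exten"]
        if m["app"].lower() == "voicemail":
            in_voicemail.add(chan)
        elif (chan in in_voicemail and m["context"] == dial_context
              and exten.isdigit() and len(exten) >= MIN_OUTSIDE_DIGITS):
            findings.append((chan, exten))
            in_voicemail.discard(chan)  # report each breakout once
    return findings


# Constructed sample lines (not taken from the thread), one log entry per line.
P = "[Sep 16 14:01:01] VERBOSE[7549] logger.c: -- Executing "
SAMPLE = [
    P + '[s-BUSY@macro-vm:3] VoiceMail("Zap/1-1", "1001@default|sb") in new stack',
    P + '[s@macro-vm:1] BackGround("Zap/1-1", "one-moment-please") in new stack',
    P + '[90115550100@from-internal:1] Macro("Zap/1-1", "user-callerid|SKIPTTL|") in new stack',
    P + '[90115550100@from-internal:2] Set("Zap/1-1", "AMPUSER=") in new stack',
    # Ordinary calls that never passed through VoiceMail() are not flagged.
    P + '[1002@from-internal:1] Macro("Zap/2-1", "user-callerid|SKIPTTL|") in new stack',
    P + '[90115550111@from-internal:1] Macro("Zap/3-1", "user-callerid|SKIPTTL|") in new stack',
]

if __name__ == "__main__":
    for chan, number in find_voicemail_breakouts(SAMPLE):
        print(f"ALERT: {chan} left voicemail and dialed {number}")
```

Feed it the Asterisk full log with one entry per line (the mail wrapping above splits entries). Channel names are reused across calls and state is not cleared on hangup here, so run it per call window or extend it to reset a channel when its call ends.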
