A colleague mentioned they recently had a system hacked. Customer was using port forwarding (changed port from default) and hackers got into the system using the NECII login name (password had been changed from default too).
The hackers got into the DID and call forwarding tables and routed calls overseas. They then went in a couple days later and changed it back. Colleague was able to see in the modification history what areas of programming they got into.
He has since wiped out all user login names to try to prevent it from happening but, is it possible to change the NECII account to "prohibited" user before logging out and then be able to set it back to "manufacturer" or once it is set to "prohibited", it won't have access to change it back?
Other option is the try to change the username NECII to something different. Don't like messing around with that account just in case we can then not get back in to correct it. Be something to play around with on a new system where it could just be factory reset.
The hackers got into the DID and call forwarding tables and routed calls overseas. They then went in a couple days later and changed it back. Colleague was able to see in the modification history what areas of programming they got into.
He has since wiped out all user login names to try to prevent it from happening but, is it possible to change the NECII account to "prohibited" user before logging out and then be able to set it back to "manufacturer" or once it is set to "prohibited", it won't have access to change it back?
Other option is the try to change the username NECII to something different. Don't like messing around with that account just in case we can then not get back in to correct it. Be something to play around with on a new system where it could just be factory reset.
