NEC SV8100 Issues

[siggi123]

Hi all,

could use some help with an NEC SV8100.
We had been hacked. Since then when you lift a headset we do not get a line. We have to
lift the handset numerous times to get a dial tone.
Who could tell me where to look?

I have access to webpro and pc pro. Unfortunately the firmware is old, 4 point something.
Our phone guy who set this up is out of business.

Can't figure out where to look.

We assume that the hacker came through voice mail. Would also love to upgrade the firmware, but can't find anything.

Any help would be highly appreciated.

 

[CoralTech]

My suggestion is to find an NEC dealer near you ASAP. If you think you have need hacked you should disconnect the system from the network ASAP (unless VOIP) If so you need to make sure all outside ports are closed to that system. You would then need to look into the VM to see if they have something "hacked" to grab outside lines.

 

[siggi123]

@CoralTech
We are left stranded when it comes to NEc Dealers. No one is servicing this thing anymore in our neck of the woods. Any idea what to look for in VM?
It is VOIP btw. What is baffling is it started with getting outside lines. We have 8 lines and when we lift a handset a line and dial tone came up automatically, then we noticed that when lifting a handset we had no dial tone. It showed one of the 8 lines but only 2 give a dial tone and outside line for us.

 

[CoralTech]

Where are you located?

 

[siggi123]

We are in germany

 

[CoralTech]

What VM are you using?

 

[siggi123]

Version NEC SV8100 R6
Main Software 04.01
PZ-VM21 Installed

 

[CoralTech]

Check 47-02 to see what MB are active.

The check 47-20 and 21 to see if you have indeed been hacked in those mb.

 

[siggi123]

47-20 and 21 have checkmarks placed everywhere.

 

[CoralTech]

Ya but are there phone numbers.

 

[siggi123]

Can't see any phone numbers.
The way the hack is going on is as follows. Some other hacked companies, mostly hotels call our line in absence, during weekends, holidays. Then our line dials international numbers and we are getting charged for them. In toll restriction we have set up country codes not to dial. When the hack is going on these numbers have been deleted. So they have gained access somehow. We have switched and changed ip numbers, blocked ports, so they are entering most likely through different means. It also appears the case that the other hacked companies use NEC products as well.

 

[siggi123]

Prior to all of this we had extension(s) dial a stored number within the system all by itself while we were sitting next to the phone. Example given: Phone dials a stored number with the handset resting, speaker on, and calls the bosses cell without anyone doing a thing.

 

[OzzieGeorge]

First thing I would be doing is changing all the usernames used to log into the system (make sure you get the manufacturer level login). Don't bother changing the passwords as they are numeric only and easily hacked. However in order to access the programming of your system remotely, they need a username and password and the username can be as complex as you want. Next change all voicemail passwords and if is not needed restrict all the voicemail extensions at the very least stopping them from premium numbers and international numbers. You really need assistance with this and as the system is obsolete, I don't rate your chances with NEC. That said, the systen can be upgraded to a SV9100 with a special license and new processor which would put you back in the support window with NEC!

 

[siggi123]

@ozziegeorge
We pretty much did all this, except upgrading to a 9100. I think that another major problem is running on the 4.01 Firmware. Where would I block voicemail alltogether? We don't really use it. Only way I see them getting in is going through our answering machine.

 

[OzzieGeorge]

The voicemail is your built in answering machine. you need to restrict the extensions associated with this so that they have no outgoing access. I don't have the 8100 PcPro on this laptop so I can't tell you which they are likely to be (also Aus may be different to where you are) check the last department group and then restrict those extensions to outgoing calls.

 

[siggi123]

@ozziegeorge
We use an external answering machine we restricted that ones access. Whoever calls in gets connected to the external answering machine. I can see that there is also voice mail within the NEC. Just wondered if one checkmark could just disconnect the entire internal voice mail for every extension, the entire NEC box. We also just fixed our routers. Still having an issue with the extensions getting the next available line. While all automatic trunk seizures are checkmarked each extension tries to get dead lines first, for example line 6, 7 and so on instead of Line 1-4. Each extension ahs to hang up and pick up until it gets to dial outside with an available line.

 

[OzzieGeorge]

Oh my, You either have to find a tech or replace your system completely! You have serious issues but no support at all. I have a customer in a similar situation (much larger system , a major Metro hotel and they think they are in control!) Problem is the system is obsolete and needs replacing! Issue with my customer is they don't know the password and I am one of the few people who still know how to hack an IPS password (here in my state) and they are playing silly bu@@ers with payment of my invoice. I will put the word out to my colleagues and I think that means they need to replace the system ASAP!

So with that as an example how do we help you?

 

[siggi123]

@OzzieGeorge
Figured everything out. System is up and running and clean of the crap.Dove into the manual and figured out what they had changed. Hotels are the ones that got hacked and routed calls to us. Thinking about updating the software but not sure where to find that. But we are good for now it seems.