« on: February 09, 2017, 04:50:44 PM »
Received a call that the secretary operator extension is not working; a test into the auto attendant showed that "0" went to an invalid number. Looking in the WUI, sure enough, extension 0 is forwarded to some cell number in California... odd that it wouldn't have been a high toll number outside the US? From reading up on this, it appears this can happen if a caller calls in via the main telephone number and accesses either the admin or operator mailbox via a default PIN code (something that should have been changed by installers), or by guessing another user's PIN code and doing a call forwarding and some sort of privilege-type escalation to replace the system-wide operator extension with their number.
However, the catch is, all our VM mailboxes are now gone... all that exists is the "0" pointing to their number, and a 99 that points to an admin mailbox. How in the world would this have happened... I can understand the vulnerability of changing the operator extension via what I've read, but how would they have "gotten in" the system? It is not accessible to the outside world, only over Cisco SSL VPN, and only our vendors have this profile. Our SIP communication is only allowed to originate from two IP addresses belonging to our provider, Flowroute.
Not sure how this happened; was this all done over the phone?
With the VM Mailbox DB now gone, what are my options?
We have a backup from 18 months ago; can we grab only the mailbox DB via a restore and put that in place, and then just add the new user VM mailboxes since that restore?
How do I go about verifying/changing Technicians, Managers and Admin passwords? Not sure if our installer ever did.