We recommend all partners with 3CX Phone System servers which have the web server port exposed to the internet to secure their provisioning directory against brute force hacking attempts. This can be done easily as follows:
1. If using 3CX Phone System v9 with the Abyss web server – upgrade to service pack 4. This will automatically activate the anti hacking feature on Abyss.
2. If using 3CX Phone System V9 with IIS 7, install the “Dynamic IP Restrictions” feature of IIS according to the instructions in this article http://www.3cx.com/blog/releases/3cx-version-9-service-pack-4/
3. If using 3CX Phone System v9 with IIS 6, use the “IP Address and Domain name restrictions” feature.
We strongly recommend that any partner with 3CX Phone System upgrades to version 9 and service pack 4. More information on service pack 4 can be found here: http://www.3cx.com/blog/releases/3cx-version-9-service-pack-4/
Partners running earlier versions of 3CX Phone System with valid upgrade insurance can upgrade free of charge. If your upgrade insurance has expired, please see upgrade pricing here: 3CX Version Upgrades