Is there a place, or should there be a specific category, to talk about hacks and attacks on FreePBX?
I frequently find some mysterious abuses of my FreePBX instance on AWS. They come in bursts where it appears someone has figured out how to make calls through the SIP trunks to the PSTN, appearing to be one of my legitimate extensions. When I notice it, I am able to lock them out, but it sometimes takes a few hours and they have already racked up fees. I have the firewall in place and all the protections I can create and still allow my clients to function. It almost seems that somehow someone is able to guess the auto-generated user password for the extension. Since there is relatively little probing traffic (certainly not enough to brute-force those passwords), I am wondering if the FreePBX password algorithm is somehow compromised or if there is some way that someone has seen the password being sent.
Does anyone else experience this? Does anyone have a solution to it? Does anyone have any insight into how this is actually being done?