Box Hacked

I think one of my boxes has been hacked.
I found a strange IAX2 extension and outbound routes had been changed to .9| and 011. I changed them back to NXXXXXX, but now when I dial anything on had sets it just rings all the phones in the office.

Im going to install a new box ASAP but I gotta get dial out working any suggestions?


May the force be with you, witdirect- mine got hit and I had to rebuild it and cover a $25k long distance bill for calls to Somalia from the US.

Are there any new ring groups that weren’t there before? Might as well start by checking the simple things, though I can’t imagine why a hacker would want to create a new ring group.

Also look for duplicates of existing extensions.

I have international dialing turned off with provider, so they cannt call outside the states.

Was your box behind a router with no ports forwarded?

No public static with iptables and fail2ban