CDR stuffed with intenal unused extensions


I’m running FreePBX 12.0 76 with Asterisk 11.18.0. This morning after a few days after installing i looked at my CDR report and see it is full with records from internal extensions with only a CallerID and no destination and answered for about 14 seconds. Saw calls from extensions 100, 1000, 176.
Calls are made almost every 12 seconds or so.
I know there was an internal call going on because I have setup time conditions. But in my old setup with incrediblePBX11 i didn’t see these records and only real calls made.
I have read somewhere that there were some problems with CDR is this one of them??


No these are not issues. You are being sip probed. You should turn off guest access in SIP Settings.

Of note “incrediblePBX11” uses the exact same code-base as FreePBX

This is one serious problem that is never quite understood. I have a PFSense router, I check it on a daily basis and check the firewall logs, I can watch real-time of people probing my 2 modems coming into the box. I am continuously bombarded by masses of port scans from many countries, mainly China and Russia.

Neither of my modems use static addressing as yet, so it is a random range scan looking for certain ports, mainly ports 22, 23, 8080, 80, 5060 +/- 10 ports and many others. The point I am making is, security is a major problem for all of us on the internet, if you have weak security practices, you will be at risk.

Search for ways to secure your network, secure your freepbx server or you will see things like this. You should never go live without without securing your server first. You’re just asking for trouble as you have seen, this is not pointing anyone out, it is something we all should do.

Glad you found the probes before it became costly for you.

I have disabled guests and since than the cdr reports got quiet again. Was doubting if I needed it enabled for 1 account but that seems to be wirking okay.
For the rest the setup was exactly the same as with incredible-pbx so wonder why i haven’t seen it before.
I know incredible is based on freepbx, tried to install the latest version of incredible on my beaglebone black (ubuntu 14) but things went wrong when i installed the Lenny Blacklist module. I got an error message installing and removing didn’t solve it. At the end i just used the latest available image on the beaglebone-asterisk pages.
Due to the lack of processor power installing incredible took what i can remember more than an hour.

For the rest i have no ports forwarded from my router to my asterisk as for the trunks it is not needed and i don’t use external clients.
Only have portforwarding enabled for 3 ports for a home automation system and security system so I wondet how sip probes could have ended up on the asterisk.