I have been compromised.
I have a Distro PBX 14 setup. I have a Twilio account set up for outbound calling.
Auto refill is enabled on the account.
I have noticed successful calls to a Switzerland High-Risk Toll Fraud destination.
When I want to check the CDRs and log files in FreePBX, I can’t find any records for those dates. For the 26th and 27th I have no record in any
of the log files: CDRs, FreePBX logs, security logs, fail2ban, or any of the logs for those dates.
Now I want to trace those call logs and check how the system was breached and we were compromised.
Are there any suggestions on where to start?
One major concern is that Twilio has those High-Risk Toll Fraud destinations blocked by default, so how did calls pass to these destinations?
Nope. CDRs are stored in a MySQL (MariaDB) database. There is no automated method of pruning or trimming those records down unless you implemented a method that would clean up the database records.
If they aren’t in the CDR report, then a CDR either wasn’t generated or it was deleted from the database by someone. Again, there is no automated cleanup of the database records.
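One way to tell an empty day caused by deletion from one caused by nothing being logged, as an added example that is not part of the thread or of FreePBX's own tooling: it assumes the CDR table has an auto-increment `sequence` column (as FreePBX's `asteriskcdrdb.cdr` does) and runs on a constructed sample of rows instead of a live database.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of (sequence, calldate) pairs, shaped like the result of
# this query against the FreePBX CDR database (column names assumed):
#   SELECT sequence, calldate FROM asteriskcdrdb.cdr ORDER BY sequence;
# Rows for the 26th and 27th are absent and the sequence jumps across them.
SAMPLE_ROWS = [
    (1001, "2023-06-24 09:15:02"),
    (1002, "2023-06-24 17:40:11"),
    (1003, "2023-06-25 08:02:45"),
    (1004, "2023-06-25 12:30:00"),
    (1010, "2023-06-28 07:55:19"),  # sequences 1005-1009 never appear
    (1011, "2023-06-28 10:12:33"),
]

def daily_counts(rows):
    """Count CDR rows per calendar day."""
    counts = Counter()
    for _, calldate in rows:
        counts[datetime.strptime(calldate, "%Y-%m-%d %H:%M:%S").date()] += 1
    return counts

def missing_days(rows):
    """Days between the first and last CDR that have no rows at all.
    The table is only ever appended to unless someone deletes from it, so a
    PBX that normally carries daily traffic should not show empty days."""
    counts = daily_counts(rows)
    day, last, gaps = min(counts), max(counts), []
    while day <= last:
        if counts[day] == 0:
            gaps.append(day)
        day += timedelta(days=1)
    return gaps

def sequence_gaps(rows):
    """Ranges of auto-increment ids that are absent. MariaDB does not reuse an
    AUTO_INCREMENT value, so a hole means rows were deleted or inserts failed;
    a hole that lines up with the empty days points at deletion."""
    seqs = sorted(s for s, _ in rows)
    return [(a + 1, b - 1) for a, b in zip(seqs, seqs[1:]) if b - a > 1]

if __name__ == "__main__":
    print("days with no CDRs:", [d.isoformat() for d in missing_days(SAMPLE_ROWS)])
    print("missing sequence ranges:", sequence_gaps(SAMPLE_ROWS))
```

On the real system the same two checks can be run directly in the database; if the sequence gap matches the empty days, the Asterisk full log and the MariaDB binary log (if enabled) for that window are the next places to look for the DELETE.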