There are a lot of things I find puzzling about this whole situation. Not doubting that it happened, but I don’t see how FreePBX could have been involved, since it won’t even let you create a non-numeric extension. And if they are going outside the FreePBX interface, then the e-mails would not do you a bit of good, since it sounds like they aren’t doing anything that would cause a noticeable change in your FreePBX configuration.
What I also wonder is, if the calls didn’t appear in your CDR, how did you even discover that they had created an extension called asdasd? And did this extension actually appear in the FreePBX extensions?
Anyway, if you know what you are doing, the best thing you can do is tighten your firewall. You should have it set up so that only YOU can get to things like Webmin, SSH, the FreePBX GUI, etc. You should definitely be running fail2ban.
But because you are already compromised and because you sound like you’re not sure how they are getting in, and maybe aren’t experienced enough to know how to keep the bad guys out, my suggestion would be that you head over to the PBX in a Flash site and take a look at that distribution and the so-called “Incredible PBX” add-on. Whatever else you can say about that distribution, they are (if anything) almost at the point of being overly paranoid about security. If you wipe your current installation and reformat the hard drive (which will happen automatically if you install PiaF or the Incredible PBX from an ISO you’ve burned to a CD) then however your system is currently compromised won’t matter (any rogue software will be wiped out), and the Incredible PBX security model ought to keep the bad guys out as long as you don’t mess with the firewall settings.
You will want to save your current settings for extensions, trunks, etc. Extension and Inbound Route settings can be saved using the Bulk Extensions and Bulk DIDs modules (save to a CSV file) and I’d just take screenshots of everything else (the Firefox ScreenGrab add-on is useful for this purpose). Under normal circumstances I’d suggest using the FreePBX Backup & Restore module but since you may not know exactly how you’ve been compromised, that module could bring something unwanted back in (maybe — if a FreePBX developer tells you differently, take their word for it, not mine — and by the way, the guy using a copyrighted comic strip character as his avatar is NOT a FreePBX developer, just so you know).
If I’m guessing wrong about your level of experience then please feel free to ignore the above advice. I know that wiping out and rebuilding a system is not a task to be undertaken on a whim, and I ONLY make the suggestion because it sounds like you need a much tighter security model, and “Incredible PBX” will at least give you that. But if you don’t want to go that route, then make sure that ALL the ports are your firewall are closed to the outside world except the ones that you absolutely need to be open (and if you are the only one that needs to access them, then they should only be open to YOU).
Oh, and to answer your question, at present there is no way I know of to send an e-mail notification on a specific type of FreePBX configuration change, or ANY type of configuration change, as far as I know. Maybe the logic to do that could somehow be tied into an “orange bar” reload if enough people wanted it, but you’d have to make a feature request, and as I pointed out above, it wouldn’t even help at all if they are making changes outside of the FreePBX GUI.