I have a client that uses Flowroute for their SIP provider. He got a message asking if he wanted to block calls to the UK. He is in the US and wanted to know if that was spam or something else. I logged into his Flowroute account and noticed that over the last two days there were a lot of 2 minute phone calls. I pulled a CDR report and noticed that the origin IPs were not from his PBX. Ok, this looked interesting to me. I wondered . . . Hmm. Did his PBX get hacked. I went to log into his PBX and saw the missing menu bar. I get the system overview and feed modules, but the blue bar above has NO menus.
Ok, that seemed odd, so I logged into the box. I did a yum update then a yum upgrade then a fwconsole ma updateall. Still no menus. Then I saw another thread and the person suggested doing a fwconsole ma upgrade framework. I got a message stating I had the latest framework.
So I realize that this is really a two part question and they are somewhat related.
- How do I get my menu back?
- How do I determine if the server was hacked into. I have gone to Flowroute and whitelisted US calls only.