FreePbx Hacked

I just found out that someone has hacked in my Freepbx. I have looked at some CDR records and noticed this unauthorized extension which is not in the we portal. I have looked at my extension.conf files and It is no where to be found. I am looking to remove the extensions that were created by the hacker. I would like to know where I can look to see where the hacker hid those extension or peers that might have been created in the system which are not visible to me. Any help would be appreciated. I have changed the Ip address to shart disabled SSH. Is there anything else I could do to make my box more secure? I have changed all default passwords and I also have addded https: with port that follows to make more secure.

Any help will be appreciated.

Thank you

if I take the backup from the config and all and re image it and restore backup from a previous version will that work fine? curretly running 2.7. I believe they went through the a2billing way which i had running on there. I dropped the database and deleted all a2billing files and will disabled ssh.

Will the new version of Freepbx work fine doing a restore from version 2.7?


If your system was hacked, you need to re-image it.

You have no idea what trojan or back door they have left behind.