Our FreePBX server was hacked this weekend and used to run up a big bill of international calls. I was alerted by our VoIP provider. I am puzzled because the box was protected by a hardware firewall, a Juniper J series router. It wouldn’t have been possible to SSH to the box or register an extension. However, port 80 was open to the outside world. I didn’t have a default username and password set for the GUI.
There is no record of the calls in the GUI, but I can see them in /var/log/asterisk/full.
We nipped this in the bud thanks to precautions our VoIP provider have in place, but as we are a small enough company this could have done a lot of financial damage.
Can this type of attack take place on port 80 and, if so, how?
I have changed the default ports and the GUI is no longer reachable from the public internet.
I would appreciate any tips or links to relevant articles.