Freepbx system hacked, Calls made from invalid extensions

So we found out that one of our Freepbx systems was hacked and someone is making calls through it. It was on version 14, so I pulled a backup of it, Installed Freepbx 16 and restored from backup and are still getting unauthorized calls through it. :frowning:
Here’s a screenshot. None of those extensions are on the system. Seems like a poor security design that extensions that aren’t valid are allowed to make calls. I believe the dial restrictions we have in place are keeping the calls from going through, and that’s why the calls only last for 12- 13 seconds. What should I be looking at to clean this up?

Check your extensions_custom.conf file. Is it empty?

What does your firewall consist of?

Allow Anonymous Inbound SIP Calls | On or Off?
Allow SIP Guests | On or Off?

It’s hosted on freepbxhosting.com so there’s no firewall ahead of the pbx. Responsive firewall is enabled.

Yes, It’s empty.

That would be your problem. Allow SIP Guests opened your system.

Also, please don’t reply inside a quote. It makes it look like the original quote.

3 Likes