A big notice went out last week that the ARI has a vulnerability. You need to update. Critical FreePBX RCE Vulnerability (ALL Versions) CVE-2014-7235
Yes someone released a SMTP attack for shelshock a couple days ago. They can email your system to gain access… Please update your bash. New attack vectors will probably be found weekly.