Hacked, rogue PJSIP extension created

Hi all,

My was hacked yesterday. The hackers created a PJSIP account that I can’t seem to delete from the GUI. I was able to change the password, and of course, I’ve updated all the modules.

What might cause an extension to be un-deletable?

I’ve got backups of the evening prior to the hack, and last night after the hack, but before the framework/module upgrades. Any idea how to identify how they got in?



Are you sure it is not the default anonymous pjsip entity?

Send the backups to [email protected]
Anything else is pure speculation.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.