Hacked - Security Advice needed

Hi.
My system is compromised, but I'm not sure exactly how. The GUI is not available from the internet.

What advice can you give to stop this happening again?

I only use one SIP provider, so can I restrict access to the system from their domain maybe on the firewall?

What other system settings are there for me to limit the opportunity for hackers in future?

Thanks

Mark.

I have changed the admin password and re-booted, can anyone tell me if this is normal from the asterisk log at boot?

[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘+1NXXNXXXXXX’ priority 1 (CID match '+1NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘+1NXXNXXXXXX’ priority 2 (CID match ‘NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '+1NXXNXXXXXX’ priority 1 (CID match '+X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘+1NXXNXXXXXX’ priority 2 (CID match ‘011X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '+1NXXNXXXXXX’ priority 1 to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '[0-9+].’ priority 1 (CID match ‘+1NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '[0-9+].’ priority 2 (CID match ‘NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '[0-9+].’ priority 1 (CID match ‘+X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '[0-9+].’ priority 2 (CID match ‘011X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension '[0-9+].’ priority 1 to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘s’ priority 1 (CID match ‘_+1NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘s’ priority 2 (CID match ‘NXXNXXXXXX’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘s’ priority 1 (CID match '+X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘s’ priority 2 (CID match ‘_011X.’) to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Added extension ‘s’ priority 1 to from-pstn-e164-us
[2014-01-18 00:11:52] VERBOSE[3372] pbx.c: – Registered extension context ‘from-pstn-toheader’; registrar: pbx_config

It appears to be setting up extensions not on my system.

M.

Those aren’t extensions, they are outbound routes.

I would disconnect or severely limit Internet connection before you get a 10,000 phone bill

Thanks Skyking, I seem to have managed to stop the hackers using the system. I know very little about FreePBX and found a setting which allowed anonymous calls from the system in the Asterisk SIP settings. I disabled this and have changed the password.

There is no access through my firewall on any ports (21, 80 etc), but the 5060 ports are open etc.

Is there any chance that whoever hacked the system has made any changes which will allow them in again in any other way?

I don’t want to rebuild the server, but will if I have to.

Sorry for the silly questions.

M.