Hackers making phone calls with my number. Any advice or tips?

Hello,

I have a working freepbx after setting it up for the past couple of weeks. I am getting people “calling back” after saying I called them and my voip.ms balance has droppd a dollar. I havnt used my phone at all not even once.

• My fail2ban is on

• FirewallD is active

• Allow sip Guests: No

I have a local plumbing business In USA that at most goes 25 miles from my office. Im not making calls out of state, to dubai china russia the moon etc. Any other strategies I can take to stop the calls?

Do the fraudulent calls appear in the Asterisk log? If not, your VoIP.ms account may have been hacked, unrelated to FreePBX.

If yes, what do they show? Stolen credentials for an extension? Problem with dialplan allowing unauthenticated users to reach external numbers?

I just shutdown my freepbx server to see if its my voip.ms getting hacked. I was seeing tons of attempts in the logs of freepbx before shutting it off though. I noticed my balance hasnt moved so it must be the freepbx.

Disable offshore/premium-rate/international numbers. There are several discussions here on how to do so

I did but it still looks like they were making calls to Main and new jersey.

Do you allow

Anonymous calls?
Guest calls?
Calls to UDP:5060?

as these are the usual culprits

Guess Calls no.

I have a small business and need people to call me. Does setting anonymous calls to no disable that? I currently have it on.

Anonymous calls allow you to accept calls from anyone rather than a credentialed source.

Anonymous Call Rejection - Phones - Sangoma Documentation (atlassian.net)

not if they know your phone number.

Your fpbx call logs will tell you how they are making the calls. Enabling or disabling things to see if the problem goes away, without trying to figure out how they are making calls in the first place, is a rather ham handed way of trying to troubleshoot.

Thanks for the advice. I will solve it got some good feedback here.

Are these people calling you back because they received a call from your number? If so, do you see any calls in the CDRs outbound to those numbers? I highly doubt you are hacked if your balance has moved less than a $1 during all this.

It is very possible that someone is spoofing your number in CallerID and that is why you’re getting call backs from strangers who are returning calls.

Also, has extensions_custom.conf been touched or have anything it shouldn’t inside of it. If you’ve never touched that file before, it would be empty.

set allowed dial-pattern to all of your outbound routes. This makes shure that only wanted external numbers can be dialed. It’s only a first step to keep your telephony budget in line.
Change the passwords of your extensions to automatic set passwords (e.g. 12 digits).
Reduce intrusion detection failed tries from 5 to 2 (under sysadmin, intrusion detection), set find time and ban time to 86400, whitelist IP 127.0.0.1 and your own (private,local) ip-range.

Check if someone called a voicemail and launched a transfer call to any external number.
VM exploit, but fixed for some years ago. But maybe…
BTW Never use 1234 or 0000 as vm secret.

Or you allowed the incomming calls to use / initate a transfert . (Dial Option)

Unfortunately this is a very common problem. They are spoofing random numbers, and we get caught in the middle. Google Android (and Apple?) lets folks flag the calls coming in as SPAM.

I had this happen to one of my numbers… and it’s a bear to fix as they then mark the calls as “Suspected SPAM”

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.