Today, when I went over the CDR report I saw something very strange. It seems that someone is calling from our system (to destination s!!). For me, a newbie, it’s very weird. Does anyone know what this means?
Here is a shot: http://imageshack.us/photo/my-images/703/hackniu.jpg/
Thanks!
I’am no security expert but did jou disable Guest and Anonuymouse SIP calls in the PBX? i think this would be the best place to start.
The look at you logs in /var.log/asterisk/full and see what really happens.
Hope an expert will chime in for more tips…
Regards,
Richard
Is your system accessible from the Internet?
yes, it is accesible from the Internet.
Pretty certainly you’ve been hacked.
My guess is someone has managed to register a sip phone to your PBX having guessed or found the password. Did you have strong passwords on your phones? First thing is change all your passwords and if possible set up VPN’s for remote phones you have connected to the Internet.
Is your FBX GUI accessible from the internet and does FBX have a strong password? If the GUI is accessible from the Internet, firewall the PBX and only open port 5060 and RTP ports 10000-20000.
If you need to access the FBX GUI from the Internet set up a VPN to your PBX’s router and get to the PBX that way.
The best way is not to be connected to the Internet at all but that is virtually impossible for most of us so you have to lock everything up as tightly as you possibly can.
