Today, when I went over the CDR report I saw something very strange. It seems that someone is calling from our system (to destination s!!). For me, a newbie, it’s very weird. Does anyone know what this means?
My guess is someone has managed to register a sip phone to your PBX having guessed or found the password. Did you have strong passwords on your phones? First thing is change all your passwords and if possible set up VPN’s for remote phones you have connected to the Internet.
Is your FBX GUI accessible from the internet and does FBX have a strong password? If the GUI is accessible from the Internet, firewall the PBX and only open port 5060 and RTP ports 10000-20000.
If you need to access the FBX GUI from the Internet set up a VPN to your PBX’s router and get to the PBX that way.
The best way is not to be connected to the Internet at all but that is virtually impossible for most of us so you have to lock everything up as tightly as you possibly can.