I recently had someone exploit our freepbx to make international calls, lots of them, and also tons of LD calls… they all originated from our (2) conference room phones, which are yealink CP960’s . I don’t think anything is wrong with the units themselves, but how would this hacking have occured? I have the passwords and secrets auto generated, yet somehow both of these extensions were exploited.
The records in the CDR are as shown above… is there something I am missing?
I changed the secrets on these 2 extensions, but want to make sure this can’t happen again.