Incoming calls now receive recording "please enter a new extension followed by #"

We’ve had a working system up for a couple months now and had no real issues with functionality.

The receptionist reported that incoming callers are now receiving the message “please enter a new extension followed by #”

I confirmed the message and my initial thoughts were that the 200 extension for reception got deleted or something but I checked and everything appears to be the same as it ever was.

For giggles I tried to enter my own desk extension and then the recording said “Call forwarding unconditional has been set to extension 128” and it hung up.

I called back and set it back to the 200 extension it’s supposed to be but I’m not familiar with the call forwarding unconditional term that the recording said to me.

Would someone please help me troubleshoot this further?


I can dial internally to extension 200 and it rings the three employees it’s supposed to, if that helps at all?

Your route is being sent to a wrong destination.

Please explain your call flow, and we’ll try to help you.

CFW Unconditional is feature code *93.

Somehow (I don’t know why) something is dropping your calls into the CFW-U feature code and allowing you to set some extension to CFW.

I think this is actually bad - try setting the forwarded number to your cell phone number and see if it gets redirected to your cell. If it is, it’s possible that someone has set your system up as a call forwarder for outside toll calls. The fastest way to check that would be to check your CDR and see if someone has been making calls during your “overnight” hours.

PitzKey - Thank you for the reply. I have an inbound route for this number. This system was fully functional on Friday and no changes were made to the system since then.

Here is the inbound route

Here is the Time Condition

Here is the Time Group

I’m not sure how to do what you’re asking.

I checked the CDR log and there was a single call on saturday for 21 seconds

from bash

rasterisk -x 'database show'|grep CF

Does that help? I don’t really know what I’m looking at

Well that’s a bit strange , I suspect you have been hacked

/CF/ : 112
should never exist

/CF/139 : *96
*96 is call forward toggle

/CF/200 : 200
call forwards 200 to 200 which then call forwards iun an endless loop

Am I correct to assume these are extensions?

112 is an extension of a sales person here, maybe they call forwarded to a cell?

139 is an employee in a division here

200 is the ring group extension for the receptionist and two other employees.

How can I turn these off? Can I just turn off the call forward feature code?

Your time condition is sending calls to its own time condition… Something is wrong here, there’s a loop.

As to 112 , no the CF is the ‘family’ , there is no ‘key’ but the ‘value’ is set to 212 , this is bogus so you are forewarned that there might possibly be other malfeasance going on.

you can delete the whole tree with (from asterisk cli)
database deltree CF

You can hence forward disable or change them in “feature code admin”

I did this and incoming calls are working properly again. I’ve changed the root password for FreePBX, outside of looking at my network is there anything else I should do within FreePBX to harden it?

Unfortunately very little inside FreePBX, but these fora have any number of posts as to how top “harden” your system, some depend on the method you used to install FreePBX.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.