Many Outgoing Calls (System Compromised)

Our system had a large number of outgoing calls over the weekend, which I thought were related to the ARI exploit when I found them this morning. The FreePBX firewall and fail2ban are both active. The calls stopped after I changed the ARI account credentials and restarted the server this morning. They started again this afternoon.

Edited Post to remove log and some details.

I believe the server was set to provision some remote extensions over HTTP and the credentials were likely compromised.

Tightening up the firewall / provisioning setup and changing some port configurations and seeing if the problem returns.

Have you looked at any other logs to figure out what happened and clear the machine for continued use, or are you just hoping it’s fixed with what you’ve done so far?
