I have experienced the most expensive lesson in my life.
Getting into to the topic.
I have FreePBX installed in my office, also connected with GSM card and fonet.dk that provides me a number.
I have two IP phones set up with FreePBX everything was working fine till today. It started when number “000” called twice on my phone. To get know what the fuck is going on I went to “Call Logs” in FreePBX.
What I saw was very wierd. It was many calls made buy diffrent caller IDs that I dont have. I was very worried that someone called from my PBX and I wasnt wrong. I found out that my bill is 1000Euros higher then it supposed to be.
Do you have easy to guess passwords?
Do you allow anonymous or guest SIP connections?
Do you have a strict firewall policy that only allows trusted hosts in on SIP?
Have you explored fail2ban?
This list is probably close to the top four mistakes made.
My password is not easy. It has number, symbols and is 18 characters long.
It is set to NO.
Couple ports was open probably for all devices. But I disabled ports forwarding to PBX and after connecting it into a network I have strange logs in the CDR Logs “from-sip-external”.
Yes, I have installed fail2ban-0.8.11
Thank you for your respond.
Is there a way to disallow all calls from my pbx, so I can connect it to the network?
If you have no external devices, I.E. Softphones that need out of your local network access. You can shut down ports 5060 - 5061, this stopped a lot of crap trying on my systems.
Closing 5060 - 5061 will keep out the kiddies, but you should tighten down your firewalls too. Others may tell you different, but for me, right now I do not see anything weird in my logs and have not for many, many months.
If you are unsure of what you need to do, Freepbx has some great paid support that can help you out.