Our freepbx server is being hacked


During the past few days, I’ve been seeing that somebody has been able to hijack one of our extensions, added dial patterns, and tried to dial several numbers in Israel. Since our system which is a freepbx has been hacked, I changed the password for the extensions and the default asterisk password. We have set up our asterisk server so that no one can do a remote console.

Our server is outside of the firewall. I was wondering how the hacker can penetrate our freepbx server.

I was thinking of changing the MySQL password also.

Any recommendations and explanation would be appreciated.



Suggestion - Place the firewall in front of the server, not behind it. It’s works much better that way.

Never ever place any server outside the firewall and keep the firewall as tight as possible. If you do not need external people from random IP’s connecting, lock down 5060 and the RTP ports to only allow communication from your trunk providers. There are a ton of script kiddies around (mainly Ukraine and Czech Republic) scanning for port 5060 being open…

Also: iptables need to be set & activates as well, but you still need the firewall.