Phantom Calls from Extensions that Don't Exsist

I have just implemented my first freepbx (and first pbx in general) I paid a freelancer to setup the server side of things on EC2 and I have been working to configure the gui portion.

I keep getting “phantom” calls on my extensions with silence on the other line… usually from extensions that don’t exist. I read an article on here relating to phantom calls and it pointed to someone probing or hacking my pbx, but unlike that scenario I see no indication of these calls at all in the Master.csv CDR.

A few questions:

  1. While I figure this out, if I have a prepaid sip provider, my liability would be limited to what is prepaid in my account correct?

  2. My freelancer assures me that CSF firewall he put in place protects me from hacking attempts. So looking for an alternate explanation.

  3. Where would I look to find where these phantom calls may be coming from other than the Master.csv file

  4. Any other tips or ideas on what I need to do to protect myself?


  1. yes, they can only steal what you have.
  2. CSF is not really designed for that level of log scanning, perhaps your freelancer could extract from csf.conf what he has done to scan what logs and explain why it would work, post such configures here for peer review.
  3. You will find them in /var/log/asterisk/* by default SECURITY and NOTICE and perhaps WARNING would have to be set in /etc/asterisk/logger*.conf to show the intrusion attempts. Looking at the cdr’s is “way too late” :slight_smile:
  4. Fail2ban (by whatever name) is the conventional recipe suggested over the last few years. Another tip, don’t tip your freelancer yet . . .

Thank you so much for the information… I’ll keep my prepayment small until I figure it out