Hello,
A friend of mine had a Sangoma FreePBX appliance installed that, whilst it is working fine, has seen some strange attempted calling behaviour in/around 1am GMT every morning - as though a script is running. The responsive firewall is all set up and for all intents and purposes it is fine apart from this issue.
Fortunately, as a second line of defence, the maximum per minute call rate has been set with the provider at US$ 4 cents - so every day (for a few days now) you will see a string of “over max rate” logs of all the attempted calls.
I had read somewhere that Sangoma was compromised? - note this appliance is registered on their portal - so could it be a case that it has been hacked via a back door and thus bypassing the firewall? And, if so, is it simply a question of applying some patch or finding / deleting this script?
I’m not overly Linux friendly but I’m happy enough to SSH into the box and follow an instruction or two.
Suggestions kindly welcome.