I have been running my servers for several years without issue, and today I woke up to a message from my trunk supplier that my system has been dialling some dodgy numbers.
Does anyone have any pointers on how best to track the attack and plug holes?
I have got their IP address and can see the logs but cannot work out the issue.
What does your firewall situation look like? Are any ports forwarded to your PBX, such as 5060?
Is it a hosted system running the FPBX firewall or is it behind a hardware-based firewall?
Is your PBX on a public IP or behind a firewall on a private network?
We need more information to help you out, such as logs and a description of your current setup.
If your SIP port is open to the Internet, hacking bots will try and guess one of your extensions and password and make calls, but other attack vectors are also possible, e.g. via SSH, if that is accessible from outside.
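To check the logs for the extension and password guessing described above, failed registrations can be tallied per source address. This is an added example, not from any poster in the thread; it assumes the PBX logs Asterisk chan_sip style "Registration from ... failed for ..." notices, and the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Asterisk chan_sip notices (assumed format).
SAMPLE_LOG = """\
[2024-03-01 02:11:04] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7:5071' - No matching peer found
[2024-03-01 02:11:05] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7:5071' - Wrong password
[2024-03-01 02:11:06] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '<sip:102@192.0.2.10>' failed for '203.0.113.7:5088' - No matching peer found
[2024-03-01 02:11:07] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '"1000" <sip:1000@192.0.2.10>' failed for '203.0.113.7:5088' - No matching peer found
[2024-03-01 08:30:12] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '"205" <sip:205@192.0.2.10>' failed for '198.51.100.20:5060' - Wrong password
[2024-03-01 08:30:42] NOTICE[2211]: chan_sip.c:28468 handle_request_register: Registration from '"205" <sip:205@192.0.2.10>' failed for '198.51.100.20:5060' - Wrong password
[2024-03-01 08:31:00] VERBOSE[2211] chan_sip.c: Registered SIP '205' at 198.51.100.20:5060
"""

# Optional display name, then <sip:EXT@host>, then the 'ip:port' the request came from.
FAILED_REG = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[^']+):(?P<port>\d+)' - (?P<reason>.+)$"
)

def summarize_failures(log_text):
    """Return {source_ip: {"attempts": n, "extensions": set, "reasons": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "extensions": set(), "reasons": set()})
    for line in log_text.splitlines():
        m = FAILED_REG.search(line)
        if not m:
            continue  # successful registrations and unrelated lines are skipped
        entry = stats[m["ip"]]
        entry["attempts"] += 1
        entry["extensions"].add(m["ext"])
        entry["reasons"].add(m["reason"].strip())
    return dict(stats)

def likely_scanners(stats, min_attempts=3, min_extensions=2):
    """A guessing bot walks many extensions; a mistyped phone retries only one.
    Thresholds are illustrative and should be tuned to the site."""
    return sorted(ip for ip, s in stats.items()
                  if s["attempts"] >= min_attempts
                  and len(s["extensions"]) >= min_extensions)

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG)
    for ip in likely_scanners(stats):
        s = stats[ip]
        print(ip, s["attempts"], "failures, extensions tried:", sorted(s["extensions"]))
```

Addresses flagged this way are candidates for blocking at the firewall, and any extension that appears with "Wrong password" rather than "No matching peer found" exists on the system and should have its secret checked.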