We are seeing fraudulent calls from extensions and some are from 10 digit numbers that are not even present on any extensions or SIP trunk.
Howdy! Welcome to the forums. Sorry it started on a bad note.
First, you might want to disconnect your system from the internet in order to review the extent of the damage and prevent further immediate exploitation. This might be a misconfigured dialplan that you can fix in the FreePBX GUI, or it might be worse, e.g. an SSH access / root compromise.
Please consider reviewing some documentation on security best practices:
Then, one approach could be to spin up a new system entirely, secure it using those guidelines as a starting point, and finally restore from your backup of the hacked system and make any necessary changes to your dialplan, SSH passwords, firewall, etc., to prevent further problems.
Edited to add another good read on this:
…which links back to some forum threads:
Just don't listen on UDP:5060 ;-)
already set to NO
Not a real solution. Hacking can still take place.
True, but I would guess there will be a better than 99% chance it will fix the OP's problem.
Personally I find that using TCP as the transport on the Server and having a reverse proxy, in my case haproxy, ONLY send TLS certified calls and registrations to an "unassociated and obscure" domain name from your external presence onward to the PBX's local presence and enforcing a strict SNI policy will be much less likely to be "hacked", but it takes a couple more changes.
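
A sketch of the kind of haproxy front end the last post describes, added here as an example and not the poster's own configuration. The hostname `sip-7f3a.example.net`, the certificate path and the PBX address `10.0.0.10` are constructed placeholders, and it assumes haproxy terminates TLS and forwards plain SIP over TCP to the PBX.

```haproxy
global
    # Refuse legacy protocol versions on every TLS listener.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode tcp
    timeout connect 5s
    # SIP-over-TCP registrations are long-lived, so keep idle timeouts generous.
    timeout client  1h
    timeout server  1h

frontend sip_tls_in
    # strict-sni: the handshake fails unless the client sends an SNI name
    # that matches a loaded certificate. Scanners that connect by IP
    # address, or that guess the public company domain, never get as far
    # as sending a SIP request.
    bind :5061 ssl crt /etc/haproxy/certs/sip-7f3a.example.net.pem strict-sni

    # Second check after the handshake: only the one obscure name is allowed,
    # even if more certificates are added to this listener later.
    tcp-request content reject unless { ssl_fc_sni -i sip-7f3a.example.net }

    default_backend pbx_sip_tcp

backend pbx_sip_tcp
    # The PBX listens for SIP on TCP only, on its internal address
    # (placeholder), and is not reachable from the internet directly.
    server pbx 10.0.0.10:5060
```

For this to have any effect the PBX's own SIP ports must be firewalled off from the internet, so that the proxy is the only path in.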