Suspicious call

I have been using FreePBX for the last 4 months now. Suddenly today I saw some mysterious calls, like
outbound calls from extension 1114 to 442081330276, whereas there is no extension 1114.

How can I prevent this? How can this happen? What are the measures I should take? Need help on this ASAP.

Do you have ports open on your firewall?

I have the following ports open:
80/tcp 22/tcp 6060/udp 4569/udp 5160/udp 38318/udp 59202/udp 10000-20000/udp 443/tcp 8089/udp 8089/tcp 5161/udp 5060/tcp 5061/tcp 5160/tcp 5161/tcp

Are those ports all forwarded to the PBX and open to the internet at large or whitelisted to only allow specific IP addresses?

These ports are open to the internet :fearful:.

Ok.
So if all those ports are forwarded to your PBX (are they?) and you allow traffic from any IP address (do you?), then you have a hacker's paradise.
80/tcp and 22/tcp would be especially dangerous if allowed unrestricted access. You can’t leave it like that.
Have a whitelist policy in place on your firewall where you allow only specific IP addresses to establish inbound connections. Or better, close those ports and use a VPN to manage your PBX.

As far as the SIP ports go, use a whitelist policy as well if possible, i.e. only allow traffic to pass from your SIP provider’s IP address.
Are you running the FreePBX distro?
Then you would be getting email notifications on failed attempts on SIP, SSH, etc. if configured properly.
You can use the FreePBX firewall as well.
Check logfiles for suspicious activity:
https://wiki.freepbx.org/plugins/servlet/mobile?contentId=28770790#content/view/28770790

And use very strong SIP passwords.

2 Likes
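
As a follow-up to the advice above to check the logs, here is an added example (not from any poster in this thread and not FreePBX code) that scans call detail records for external-looking calls whose source is not a configured extension, which is the symptom reported in the first post. It assumes the CDRs are available as CSV in the column order of Asterisk's `cdr_csv` backend (`Master.csv`); the sample records, the extension list and the inbound context names passed as defaults are constructed or assumed for illustration.

```python
import csv
import io
from collections import defaultdict

# Column order written by Asterisk's cdr_csv backend (assumed input format).
CDR_FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
              "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
              "duration", "billsec", "disposition", "amaflags", "uniqueid",
              "userfield"]

# Constructed sample CDRs. Only 1114 and 442081330276 come from the thread.
SAMPLE_CDR = """\
"","1001","1002","from-internal","Alice <1001>","PJSIP/1001-00000001","PJSIP/1002-00000002","Dial","PJSIP/1002,20","2020-01-01 09:00:00","2020-01-01 09:00:05","2020-01-01 09:01:00",60,55,"ANSWERED","DOCUMENTATION","1577869200.1",""
"","1001","442079460000","from-internal","Alice <1001>","PJSIP/1001-00000003","PJSIP/trunk-00000004","Dial","PJSIP/442079460000@trunk","2020-01-01 10:00:00","2020-01-01 10:00:04","2020-01-01 10:00:44",44,40,"ANSWERED","DOCUMENTATION","1577872800.3",""
"","1114","442081330276","from-internal","1114","PJSIP/1114-00000005","PJSIP/trunk-00000006","Dial","PJSIP/442081330276@trunk","2020-01-02 02:10:00","2020-01-02 02:10:03","2020-01-02 02:12:03",123,120,"ANSWERED","DOCUMENTATION","1577931000.5",""
"","1114","442081330276","from-internal","1114","PJSIP/1114-00000007","PJSIP/trunk-00000008","Dial","PJSIP/442081330276@trunk","2020-01-02 02:15:00","2020-01-02 02:15:02","2020-01-02 02:15:32",32,30,"ANSWERED","DOCUMENTATION","1577931300.7",""
"","442079460123","442079460999","from-trunk","442079460123","PJSIP/trunk-00000009","PJSIP/1002-0000000a","Dial","PJSIP/1002,20","2020-01-02 11:00:00","2020-01-02 11:00:06","2020-01-02 11:00:26",26,20,"ANSWERED","DOCUMENTATION","1577962800.9",""
"""


def unknown_source_calls(cdr_text, known_extensions,
                         inbound_contexts=("from-trunk", "from-pstn"),
                         min_external_digits=7):
    """Summarise external-looking calls whose source is not a known extension."""
    report = defaultdict(lambda: {"calls": 0, "billsec": 0, "destinations": set()})
    reader = csv.DictReader(io.StringIO(cdr_text), fieldnames=CDR_FIELDS)
    for row in reader:
        src, dst = row["src"] or "", row["dst"] or ""
        if row["dcontext"] in inbound_contexts:
            continue  # inbound leg: src is a caller ID, not an extension
        if not (dst.isdigit() and len(dst) >= min_external_digits):
            continue  # internal extension or feature code
        if src in known_extensions:
            continue  # legitimate extension dialling out
        entry = report[src]
        entry["calls"] += 1
        entry["billsec"] += int(row["billsec"] or 0)  # billed seconds at risk
        entry["destinations"].add(dst)
    return {src: {**e, "destinations": sorted(e["destinations"])}
            for src, e in report.items()}


if __name__ == "__main__":
    for src, info in unknown_source_calls(SAMPLE_CDR, {"1001", "1002"}).items():
        print(src, info)
```

Any source it reports should be cross-checked against the SIP registration and authentication logs for the same time window to see where the call originated.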