I have been using Freepbx for last 4months now, suddenly today i saw some mysterious calls like
outbound calls from extension 1114 to 442081330276, where as there is no extension 1114.
How can I prevent this? How can this happen? What are measures i should take? Need help on this ASAP.
Ok.
So if all those ports are forwarded to your PBX (are they?) and you allow traffic from any IP address (do you?), then you have a hackers paradise.
80/tcp 22/tcp would be especially dangerous if allowed unrestricted access. You can’t leave it like that.
Have a whitelist policy on your firewall in place where you allow only specific IP addresses to establish inbound connections. Or better, close those ports and use vpn to manage your PBX.
As far as the sip ports go, use a whitelist policy as well if possible. I.e. only allow traffic to pass from your sip provider’s IP address.
Are you running the FreePBX distro?
Then you would be getting email notifications on failed attempts on sip, ssh, etc. if configured properly.
You can use the FreePBX firewall as well.
Check logfiles for suspicious activity: https://wiki.freepbx.org/plugins/servlet/mobile?contentId=28770790#content/view/28770790