We recently decided to work with Sangoma Connect so that our employees could access the PBX on their smartphones.
Everything was fine and I had worked with this document in order to try to make it secure, but a couple of days ago someone was able to start making a bunch of toll calls from one of our extensions and it triggered the fraud alert at our SIP trunk provider. Luckily we had disabled International calling and the monetary damage was negligible.
I’m not sure where to begin trying to figure this out. I checked the secret on the extension and it was generated by the system and fairly long. All of the other details in that document are in place other than white-listing my clients as I don’t have a way to do that.
Where else should I look? What logs should I read in order to figure out where the hackers came from or got in? We’re running the latest distro and it’s entirely patched up.
For now we’re running with toll calling disabled at the vendor.