Unauthorized Calls

I noticed that I received an email from my sip provider that my account had experienced a low balance and because I had a maximum amount set for a 24 hour period this threshold had been met. I became very concerned and when I downloaded the logs from my sip provider I discovered that someone had gained access to my freepbx 15 and was making several outbound calls that were depleting my sip fund balance.

My question:
There must be several ways that a sip expert can compromise a system but any suggestions on how I can determine how this was done so I can prevent other systems from experiencing the same unotherized access? Thanks for any help!

  • Make sure that all extension passwords are complex.

  • If possible, don’t use the default ports, eg 5060, 5160 for SIP, 22 for SSH.

  • If SSH is enabled, make sure the password is complex, or disable root password login (use key based instead).

  • Use fail2ban and a blacklist. See here for help with setting that up.

  • In Asterisk SIP Settings, set “Allow Anonymous Inbound SIP Calls” and “Allow SIP Guests” to Off.

That’s just a few things. There is a lot more you can do, but this is a good start.

Also important:

  • Make sure you have a properly configured / enabled firewall. The software firewall in FreePBX is more than adequate if you are not behind a NAT, but it’s important to set it up right, specifically making sure the outside interface isn’t in the Trusted zone and that you don’t have any privileged services in the “Internet” zone. (i.e. TFTP, Web Admin, SSH, etc.) I do not recommend changing the default service settings unless you really know what you’re doing.

  • Keep your system updated. Auto updates are OK but it’s probably a good idea to also have some kind of maintenance plan to ensure you are routinely checking the system over. Personally I prefer to update systems manually but on a schedule, and pay attention to security notifications so that important security updates can be installed promptly.

  • Make sure you’re monitoring the system and getting email notifications. Sudden changes in system performance can tip you off if there’s an issue that needs attention.

2 Likes

Disable *2 feature code
Remove Tt from dial options

It will. Help too

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.