I am very concerned that my FreePBX has been hijacked. Based on the attached screenshot, there are a lot of unrecognized calls. If you look for 2 days, there are 92 pages!
Also under the column “Duration”, what is the unit of measure? Would the number ‘12’ mean minutes or seconds?
Look at your sip devices and make sure that what is registered is what you expect. You can also look at the log to see where/how these calls are originating.
It’s good to see you Dicko.
I’m sorry. please show me how I can check if guest and anonymous are off.
The FreePBX & router’s firewall is turned on
I should share that no calls gets thru to our desk or soft phones that are SIP attacks. In other words, our phones never ring. That leaves, would it be possible that someone is calling from our server? Judging from the asterisk CLI and running the show-peers, the extension that’s connected is OK and those which aren’t connected show “unknown” which is what I would expect.
If you allow guests, you allow answer, the calls will last a few seconds each, you might or might not be charged for inbound call, but if you are, then depending on your vsp, they are likely billed in 6 seconds increments so if you have allow guests on, and 92 calls charged at 12/60 times inbound per minute charge, (which if above 2 cents a minute is extortionate) probably < 20 cents.
Turn off Guest calls unless you need them.
(As a further note , fail2ban will not notice maleficent calls if you have “allow guests” on. , if you turn it off, then expect a reduction of such calls if you are using fail2ban)
I understand that you don’t know of anybody internally making all those calls, but if I am reading the call event log correctly then user 113 and user a’or’3=3-- are making a lot of outbound calls.
I don’t understand because, as I replied to @gerrymad, users 113 and 3=3 NEVER existed on said FreePBX server. I don’t know where these users came from. Any ideas?