after my trunk provider had bloqued my trunk for attemting calls credits . i checked the call events in my freepbx to see what is the problem . i have found alot of unknow calls to many unknown strange phone numbers from my extensions and other extensions . i’ve checked in the forum and i’ve found that i should block guest sip i did it but i allways have calls in my calls event from my extensions even if my trunk is blocked . (i have a PJSIP configuration ) . what can i do ?
Check the logs in /var/log/asterisk/full and you will likely see these calls. You need to disallow guest and anonymous, and also lock down your box with a firewall, iptables or otherwise.
Your system has been hacked. Find one of these calls in the Asterisk log (/var/log/asterisk/full or a rotated one) and determine whether the attacker obtained SIP credentials or exploited a vulnerability calling in (transfer, voicemail, etc.)
yes i did’t …i dissalowed guest and anonymous and i have activated the firewall in freepbx…now there is no calls in call event…thank you so much … but how i can determine whether the attacker obtained SIP credentials or exploited a vulnerability from /var/log/asterisk/full ??
thanku-outcall in extension_custom.conf, then remove it and reload through console : fwconsole r
You have a security issue. So, your system is not correctly safe.
You have to setting up your firewall correctly applying some right rules.
There lots of thread on this forum about that. Please read them.
yes correct.
So, your issue is elsewhere.
But I think you have been hacked.
Please, apply the good rules in your firewall.
Next, change all extensions password.
Your GUI should never get any access from Internet.
Change GUI port instead 80 / 443
Check some security thread on this forum and try to apply the rules.
i already activated the freepbx firewall and i have changed the settings to no for sip guest and anonymous … i will change the extensions passwords and the GUI port right now … thanks alot