Unknown calls shown in my freepbx call event


(Ucef06) #1

Hello everyone,

After my trunk provider had blocked my trunk for attempting calls credits, I checked the call events in my FreePBX to see what the problem is. I have found a lot of unknown calls to many unknown strange phone numbers from my extensions and other extensions. I've checked in the forum and I've found that I should block guest SIP. I did it, but I always have calls in my call events from my extensions even if my trunk is blocked. (I have a PJSIP configuration.) What can I do?


(Andrew) #2

Check the logs in /var/log/asterisk/full and you will likely see these calls. You need to disallow guest and anonymous, and also lock down your box with a firewall, iptables or otherwise.


#3

Your system has been hacked. Find one of these calls in the Asterisk log (/var/log/asterisk/full or a rotated one) and determine whether the attacker obtained SIP credentials or exploited a vulnerability calling in (transfer, voicemail, etc.)
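One way to run the log check described in this post, added here as an example that is not part of the thread. The log lines are constructed, `triage` is a hypothetical helper, and treating `from-internal` as "placed by an authenticated extension" assumes a default FreePBX dialplan.

```python
import re
from collections import defaultdict

# Constructed sample lines in the /var/log/asterisk/full layout; IPs and numbers are made up.
SAMPLE_LOG = """\
[2024-01-10 02:11:03] NOTICE[2101] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.7:5060' (callid: a1) - Failed to authenticate
[2024-01-10 02:14:40] VERBOSE[2101] res_pjsip_registrar.c: Added contact 'sip:101@198.51.100.7:5060' to AOR '101' with expiration of 3600 seconds
[2024-01-10 02:15:02] VERBOSE[2207][C-0000002a] pbx.c: Executing [00999555000100@from-internal:1] Macro("PJSIP/101-0000003c", "user-callerid,LIMIT,EXTERNAL,") in new stack
[2024-01-10 03:01:09] VERBOSE[2290][C-0000002b] pbx.c: Executing [00999555000101@from-sip-external:1] NoOp("PJSIP/anonymous-0000003d", "Received incoming SIP connection from unknown peer") in new stack
"""

# Dialplan step of a call: call id, dialed number, context, channel.
EXEC = re.compile(r'\[(C-[0-9a-f]{8})\].*?Executing \[([^@\]]+)@([^:\]]+):\d+\] \w+\("([^"]+)"')
# Successful PJSIP registration: source IP and AOR (extension).
CONTACT = re.compile(r"Added contact 'sip:[^@']*@([^:;']+)[^']*' to AOR '([^']+)'")
# Rejected authentication: source IP.
AUTHFAIL = re.compile(r"failed for '([^:']+):\d+' .*Failed to authenticate")

def triage(log_text, internal_ctx="from-internal"):
    """Classify each call by how it entered the dialplan (heuristic, see lead-in)."""
    contacts = defaultdict(set)  # AOR -> IPs that registered successfully
    auth_fail = set()            # IPs with at least one rejected authentication
    calls = {}                   # call id -> (dialed, context, channel) of its first step
    for line in log_text.splitlines():
        if m := CONTACT.search(line):
            contacts[m.group(2)].add(m.group(1))
        elif m := AUTHFAIL.search(line):
            auth_fail.add(m.group(1))
        elif m := EXEC.search(line):
            calls.setdefault(m.group(1), m.groups()[1:])
    report = []
    for cid, (dialed, ctx, chan) in calls.items():
        # "PJSIP/101-0000003c" -> "101"
        endpoint = chan.split("/", 1)[-1].rsplit("-", 1)[0]
        if ctx == internal_ctx:
            # Call started in the internal context: the caller authenticated as this extension.
            verdict, ips = "credentials", sorted(contacts.get(endpoint, ()))
        else:
            # Call entered through another context: read the rest of this call id's lines.
            verdict, ips = "inbound-path", []
        report.append({"call": cid, "dialed": dialed, "endpoint": endpoint, "verdict": verdict,
                       "reg_ips": ips, "failed_auth_seen": bool(set(ips) & auth_fail)})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

To use it on a real system, pass the contents of /var/log/asterisk/full (or a rotated copy) to `triage` and compare each `reg_ips` entry with the addresses your phones actually use.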


(Ucef06) #4

Yes, I did it… I disallowed guest and anonymous and I have activated the firewall in FreePBX… now there are no calls in call event… thank you so much… but how can I determine whether the attacker obtained SIP credentials or exploited a vulnerability from /var/log/asterisk/full?


(Franck Danard) #5

Check if you've got the context:

thanku-outcall in extension_custom.conf, then remove it and reload through the console: fwconsole r

You have a security issue. So your system is not properly secure.
You have to set up your firewall correctly, applying the right rules.
There are lots of threads on this forum about that. Please read them.


(Ucef06) #6

Hello @danardf, I checked /etc/asterisk/extensions_custom.conf but it's empty… is it the right path?


(Franck Danard) #7

Yes, correct.
So, your issue is elsewhere.
But I think you have been hacked.
Please apply the right rules in your firewall.
Next, change all extension passwords.
Your GUI should never be accessible from the Internet.
Change the GUI port instead of 80 / 443.

Check some security threads on this forum and try to apply the rules.


(Franck Danard) #8

Don’t forget to update your system as well:

fwconsole ma updateall
yum update -y


(Ucef06) #9

I already activated the FreePBX firewall and I have changed the settings to no for SIP guest and anonymous… I will change the extension passwords and the GUI port right now… thanks a lot.


(Franck Danard) #10

The fact that the firewall is enabled doesn't mean it's OK.
You need to check that the right rules are set and that they don't let anybody into your system.


(Ucef06) #11

I allowed only my network access to FreePBX.


(Franck Danard) #12

If someone has gotten into your network through a backdoor (router or any workstation), that will not be effective.