Weird caller id showing up in freepbx only

last night I got a bunch of calls from weird callerids. These calls did not show up in my callcentric log, but only in freepbx. Is this something I should be worried about? I don’t see any new inbound/outbound routes and there aren’t any suspicious outbound calls in my callcentric log. I just don’t want my freepbx to be the equivalent of an open smtp relay.

here are the calls in question.

2014-10-31     19:39:22     "s"     s     s     9 sec       
2014-10-31     19:39:07     @#$%^&         vmu1000     51 sec       
2014-10-31     19:33:34     "[email protected]"     s     s     8 sec       
2014-10-31     19:32:20     Pass>>>Discoteque-Team         vmu1000     51 sec       
2014-10-31     19:31:34     cody&lixxli-->bbs.bbscoll.net         vmu1000     51 sec       
2014-10-31     19:31:13     :.:Javen4rr:.:         vmu1000     51 sec       
2014-10-31     19:31:13     @[email protected]         vmu1000     32 sec       
2014-10-31     19:31:13     @SoundDealer         vmu1000     32 sec       
2014-10-31     19:31:13     @dirk         vmu1000     32 sec       
2014-10-31     19:31:13     @[email protected]         vmu1000     32 sec       
2014-10-31     19:31:13     @MtB         vmu1000     32 sec       
2014-10-31     19:30:55     @#$%^&         vmu1000     52 sec       
2014-10-31     19:27:21     @#$%^&         vmu1000     51 sec       
2014-10-31     19:23:14             vmu1000     52 sec

Is your PBX open to the Internet? Is it protected by a firewall?

yes it is behind a fire wall.

Are you forwarding SIP and allowing it from everyone?

I believe I forwarded the ports, but I will have to double check tomorrow.

Here is something interesting, I did a google search for @SoundDealer and this list came up. This list is for passwords, check this link… http://www.scribd.com/doc/62548186/Password-List

I would close your SIP ports if you do not need access from the outside, tighten up your firewall and check to make sure you have not been hacked.

Make sure anonymous inbound sip is set to no, this can be found under Settings - Asterisk Sip Settings… but more importantly, and you should do this on EVERY request for help, you need to state your FPBX Version.

I can only see the first couple of pages, but I noticed almost the weird things I was seeing were in that list. So is that just someone trying to break in?

I think they maybe using that list to brute force your phone system, just to see if you maybe using one of them passwords. If you ask me, it is probably a moron that really does not know what they are doing.
Maybe someone else can have some more info on this, but you really need to close the access points to your system.

If you require any help from anyone on here, you also need to provide your FreePBX version. Until that comes along, many will not provide help. I can’t go any further without knowing your version, there is a critical patch/upgrade that may require you to do, or you could be totally vulnerable.

yeah it turned out the the ports were fordwarded and open. They are only forwarded now.

version 2.11.0.41

http://www.freepbx.org/node/92822