Hi, we just got FreePBX live with our ALLO GSM Gateway.
Now we got the call from the sim vendor that, since last few hours, the sim has got 15000+ international pulse mins and the bill is 500$ to be paid.
I was like WTF!!
How is it possible for some international bots or hackers to call the number or call from the number or forward from it without really having the admin access whatsoever ?
NEVER (EVER) Put a device of any kind that can cost you money on the public internet. If something needs external access WHITE LIST ip addresses.
FreePBX has no known vulnerabilities and I don’t think we have in over a year. So if you are up to date you are likely ok unless you didn’t apply a security update in a reasonable amount of time. Back doors can sit dormant. Though unlikely because netsec people good and bad love credit it is possible that someone could find an exploit and not report it. This is why no matter what you should always insulate your server whenever possible.
Your GSM device may also have un-patched updates.
Most exploited servers and devices serve 1 of 2 purposes
botnet (may cause you issues with your isp but not necissarily money.
International calling. Put a spending limit on international calling or see if your provider provides fraud detection. some carriers will kill international calls on your account if they see unusual activity.
Sipstation.com has several measures in place to help prevent scenarios like this, correct?(i.e. you can disable international calling entirely or set a limit)
Are you using chan_sip? We have been having hundreds of people attempting international calls with it and using some chan_sip exploit. We had to add some layers above chan_sip to prevent them from working.