Whats wrong with FreePBX?

Hi, we just got FreePBX live with our ALLO GSM Gateway.

Now we got the call from the sim vendor that, since last few hours, the sim has got 15000+ international pulse mins and the bill is 500$ to be paid.
I was like WTF!!

How is it possible for some international bots or hackers to call the number or call from the number or forward from it without really having the admin access whatsoever ?

Maybe they can access to ur phones, limit connections from LAN only

You mean the ALLO gateway ?
Its on public IP.

Shall I close all external connections to ALLO GSM gateway completely ?

Yes because they don’t need the PBX to hack the gateway via SIP and then make calls out the GSM connection on the gateway.

NEVER (EVER) Put a device of any kind that can cost you money on the public internet. If something needs external access WHITE LIST ip addresses.

FreePBX has no known vulnerabilities and I don’t think we have in over a year. So if you are up to date you are likely ok unless you didn’t apply a security update in a reasonable amount of time. Back doors can sit dormant. Though unlikely because netsec people good and bad love credit it is possible that someone could find an exploit and not report it. This is why no matter what you should always insulate your server whenever possible.

Your GSM device may also have un-patched updates.

Most exploited servers and devices serve 1 of 2 purposes

  1. botnet (may cause you issues with your isp but not necissarily money.
  2. International calling. Put a spending limit on international calling or see if your provider provides fraud detection. some carriers will kill international calls on your account if they see unusual activity.


Sipstation.com has several measures in place to help prevent scenarios like this, correct?(i.e. you can disable international calling entirely or set a limit)

yes, that is correct

I HAVE BLOCKED ALL EXTERNAL ACCESS TO my freePBX centOS server IP and Allo GSM Gateway IP.

And only allowed my home and office IP.

So its safe now ?

About ur IoT devices? u limit it too? if u do u should be safe

Are you using chan_sip? We have been having hundreds of people attempting international calls with it and using some chan_sip exploit. We had to add some layers above chan_sip to prevent them from working.

where do I see what Im using ?
I hired someone to set it up actually.

Under the codecs make sure that callers can transfer call is disabled. We got burnt by that once.

UNDER WHICH MENU to find that ?

It is under admin–> feature codes. Actually it is called in call blind transfer.