What's wrong with FreePBX?

Hi, we just got FreePBX live with our ALLO GSM Gateway.

Now we got a call from the SIM vendor saying that, in the last few hours, the SIM has got 15000+ international pulse mins and the bill is $500 to be paid.
I was like WTF!!

How is it possible for some international bots or hackers to call the number, call from the number, or forward from it without really having admin access whatsoever?

Maybe they can access your phones; limit connections to the LAN only.

You mean the ALLO gateway?
It's on a public IP.

Shall I close all external connections to the ALLO GSM gateway completely?

Yes, because they don’t need the PBX to hack the gateway via SIP and then make calls out the GSM connection on the gateway.

NEVER (EVER) put a device of any kind that can cost you money on the public internet. If something needs external access, WHITELIST IP addresses.

FreePBX has no known vulnerabilities and I don’t think we have in over a year. So if you are up to date, you are likely OK unless you didn’t apply a security update in a reasonable amount of time. Back doors can sit dormant. Though unlikely, because netsec people, good and bad, love credit, it is possible that someone could find an exploit and not report it. This is why, no matter what, you should always insulate your server whenever possible.

Your GSM device may also have un-patched updates.

Most exploited servers and devices serve 1 of 2 purposes:

  1. Botnet (may cause you issues with your ISP but not necessarily money).
  2. International calling. Put a spending limit on international calling or see if your provider provides fraud detection. Some carriers will kill international calls on your account if they see unusual activity.

@jfinstrom

Sipstation.com has several measures in place to help prevent scenarios like this, correct? (i.e. you can disable international calling entirely or set a limit)

Yes, that is correct.

I HAVE BLOCKED ALL EXTERNAL ACCESS TO my FreePBX CentOS server IP and Allo GSM Gateway IP.

And only allowed my home and office IP.

So it's safe now?

About your IoT devices? You limit them too? If you do, you should be safe.

Are you using chan_sip? We have been having hundreds of people attempting international calls with it and using some chan_sip exploit. We had to add some layers above chan_sip to prevent them from working.

Where do I see what I'm using?
I hired someone to set it up actually.

Under the codecs, make sure that "callers can transfer call" is disabled. We got burnt by that once.

UNDER WHICH MENU to find that?

It is under Admin –> Feature Codes. Actually, it is called in-call blind transfer.

DO YOU SEE ANY MISTAKE HERE?