GO HERE Hack made calls to kosovo, how to block

[ghurty]

One of our boxes got hacked and we had many calls made to kosovo on it.
Our setup is as follows:
Local extensions
One remote pbx in a flash server via SIP
remote extensions using VPN

How can I lock down the box so only the approporaite extensions can make the calls. The extension that the calls were coming from actually for some reason did not have a secret. i have since deleted that extension, but I want to lock the system down more.

PIAF 2.0.6.2
Freepbx 2.10.0.2
asterisk 1.8.13

THank You

 

[wardmundy]

Can't imagine why you got hacked without an extension password.

Try Travelin' Man 3.

 

[leemason]

Or setup iptables to only allow the addresses that you need to access the PIAF system. Especially on port 5060 and the web interface on 80 and 443.

 

[Huckda]

and set some dialplan rules ? so only local and within your country calls can be made?

 

[leemason]

Trouble is if someone can hack into your management web interface then you could easily setup new extensions (without secrets even!) so exploit your system over and over again.

 

[wardmundy]

Security 101: If your system has been hacked, start over! Change all of your provider passwords, too. Trying to repair a system when you have no idea what the bad guys were able to do is CRAZY!

 

[Huckda]

"one of our boxes got hacked"... doesn't really say HOW it was hacked... they root the system or merely guessed your maint passwd? or just used some funky extension brute force-like that didn't have a 'secret'?
but Ward is right... if you got hacked.. change it all..