Hi,
Anyone seen this before? Looks like there were a bunch of calls made this afternoon. All to Europe and lasted 13 seconds. I know no one made any call during that time, and especially no one here knows how to make calls using IP instead of extensions. Comments?
WHOA!You better make the assumption you've been compromised. Did you NOT change the root password after installation? Did you forward any ssh or http ports to this box so it was reachable from the public?
If you answered YES to any of these questions, you have to assume you've been hacked. Theft of phone services is a common issue online, always eliminate attack vectors on your phone system.
UNLESS you can determine something was dialing these numbers in your own residence...
What you should do if you were hacked...
1) Nuke the system and start over, unless you are an expert in cleaning up compromised systems
2) Don't expose it to the internet directly
3) Set a strong root password for root
4) CHANGE your passwords / secrets used with your IP-Telephony VOIP provider(s) so nobody else knows or has your credentials or can steal further phone service from you.
