@pbaeumel wrote:
Dear all,
unfortunately my FreePBX-VPS got hacked yesterday night.
Even if Im no real expert in Linux I have had Fail2Ban and CSF-Firewall setup and FreePBX has lastet over one year against any hacking-attemps [so I can`t be that really bad in secureing the whole thing].As I got a warning message tomorrow morning from on of my SIP-trunk providers because of call to international destinations I firstly shut-down the VPS with freepbx and changed all SIP-Passwords on the different trunk-providers I use.
I then restarted FreePBX-Server and I`m know intressted in "How have they got onto the Box?"; where should I began my research?
Additional question is arrising: In each of the PBX-forums around there is the Warning "Do never host or connect your PBX to the internet"; some thing I have done with my family-PBX for the reasons of zentral reachability from the phones of 4 family-homes, the easy support possibilities [if something does not work; i could change it in 90 percent of the cases inside FreePBX; there is no need to drove to the site personally for supporting settings in the phone hardware], many routing possibilities and easy control of the routing [local hardware does not support such detailed routing-plans] and centralised blacklist for unwanted calls [local hardware is limited on 100 blacklist-entries which is not enough for blocking all unwanted calls] as well as other great futures of FreePBX.
Is there any possibility to use all of the above mentioned advantages even without FreePBX installed on a VPS-Server on a publich ISP. What do you recommend?
Best regards,
Patrick
Posts: 1
Participants: 1