Last Updated: February 25, 2016 · emcompnut09

FreePBX VoIP - Secure Your Listening Port

Everyone in the voice-hacking world knows about port 5060. The only way to keep your PBX (FreePBX in this case) from being run up for thousands of dollars in international (or even local/national) toll fraud is to lock the server down before someone else finds it.

There are various ways to do this:

  1. FreePBX is a Linux-based product. Using iptables, you can decide exactly which addresses may reach the system remotely. In my experience, most remote compromises of open-source VoIP systems start at the SSH level.

  2. With that in mind, change the SSH port to something only you know, well away from port 22. Moving the port only thins out the automated noise, so pair it with key-based logins (password authentication off) and an iptables rule that limits SSH to your own addresses.

If you follow that logic, you also need to know that there are bots online that do only one thing: scan the Internet for any open port 5060 they can find. You may have a locked-down system, but if it is answering on port 5060, it is telling those bots, inviting them, "Come and hack me!"

So, based on the above, I always recommend that you change the SIP listening (bind) port in FreePBX's Asterisk SIP Settings to something like 5417, wait a month, and change it again. Keep it within the acceptable working range (an unprivileged port, 1024 through 65535, that nothing else on the box is listening on), and please do not use my example port number; make up your own, because the bad guys read this too. Remember that every phone and every SIP trunk that talks to the PBX has to be reconfigured for the new port, and your trunk provider has to accept a non-standard port, so plan the change rather than just flipping the field.
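The iptables allowlist from step 1, the moved SSH port from step 2 and the moved SIP port from the paragraph above can be expressed as one script. This is an added example written for this page, not FreePBX's code and not the original author's. It assumes SIP signalling over UDP, Asterisk's default RTP range of 10000-20000, and the placeholder ports 5417 (SIP) and 2222 (SSH); it reads a constructed allowlist file of CIDRs (documentation-range addresses) and prints the iptables commands instead of applying them, so you can review them before running them as root. The SIP port itself still has to be changed in FreePBX so that Asterisk binds to it; the firewall only decides who may reach it.

```shell
#!/bin/sh
# Added example for this page (not FreePBX or the post author's code).
# Generates an iptables allowlist for a FreePBX host whose SIP listener has
# been moved off 5060 and whose sshd has been moved off 22. Nothing is
# applied; the commands are printed for review. Ports and addresses are
# placeholders.

RTP_RANGE="10000:20000"   # assumption: Asterisk's default rtp.conf range

# valid_port PORT -> exit 0 if PORT is an unprivileged port (1024-65535)
# and not one of the well-known SIP ports the scanners look for.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] || return 1
    [ "$1" -ne 5060 ] && [ "$1" -ne 5061 ]
}

# gen_rules ALLOWLIST_FILE SIP_PORT SSH_PORT -> prints iptables commands.
# ALLOWLIST_FILE holds one source CIDR per line; '#' starts a comment.
gen_rules() {
    allow="$1"; sip="$2"; ssh="$3"
    valid_port "$sip" || { echo "refusing SIP port '$sip'" >&2; return 1; }
    valid_port "$ssh" || { echo "refusing SSH port '$ssh'" >&2; return 1; }
    [ -r "$allow" ] || { echo "cannot read $allow" >&2; return 1; }

    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT triple per allowed network: SIP signalling, RTP media, SSH.
    grep -v '^[[:space:]]*#' "$allow" | grep -v '^[[:space:]]*$' |
    while read -r cidr; do
        echo "iptables -A INPUT -s $cidr -p udp --dport $sip -j ACCEPT"
        echo "iptables -A INPUT -s $cidr -p udp --dport $RTP_RANGE -j ACCEPT"
        echo "iptables -A INPUT -s $cidr -p tcp --dport $ssh -j ACCEPT"
    done
    # Default deny: anything else, including 5060 and 22 from anywhere, is dropped.
    echo "iptables -P INPUT DROP"
}

# Demo with a constructed allowlist (documentation-range addresses).
demo_allowlist=$(mktemp)
cat > "$demo_allowlist" <<'EOF'
# head office
203.0.113.0/24
# SIP trunk provider's signalling host (placeholder)
198.51.100.7/32
EOF
gen_rules "$demo_allowlist" 5417 2222
rm -f "$demo_allowlist"
```

Because the policy ends in a default DROP, a bot that finds the new SIP port by scanning every port still gets no answer unless it is coming from an allowed network; the port change hides you from the lazy scanners, the allowlist stops the rest. If your provider's signalling addresses change, the allowlist file is the one place to update.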

My assumption is that if you're reading this, you already know about FreePBX and where to go to make changes. If not, contact me and I will walk you through it step by step.

Why do I recommend you change it every month? Because the bad guys have figured out that we know they're looking for us, and they're adapting: scanners are not limited to 5060 and will eventually find any port that answers SIP. By continually changing your listening port you cost them another round of discovery each time. It also limits what someone inside your organization who learned the port can do with it after leaving disgruntled. Keep in mind that port rotation is obscurity, not access control: the iptables allowlist, strong SIP secrets on every extension and trunk, and an intrusion-detection tool such as fail2ban banning repeated registration failures are what actually stop the fraud once a bot does find the port.

There are a number of steps you have to take on a REGULAR basis to protect yourself. The days of "set it and forget it" are gone in the IT/telecom world; the bad guys made sure of that. Hopefully you're reading this as a pre-disaster measure rather than a post-mortem. Good luck.