Fake calls

A friend of mine installed Asterisk, and after a few days somebody broke into it and made some calls around the world, which will cost my friend a bit, so I have promised to take a look at the logs (Asterisk and Apache) to find out what was broken and how.
I have downloaded a few ebooks about Asterisk to make my knowledge more than zero, but it will take time to read them and we want to find something earlier, so I have two questions for the gurus here.
I removed the hard drive from the computer and connected it to mine (with a Windows system) to avoid running any hidden processes or nasty programs, if any exist.

  1. where to look at the beginning?
  2. in the “full” log I’ve found many lines

xxx are numbers
what does it mean?

Thanx a lot for any help

That means that extension number was added to the context SIP in the dialplan.

If you pick up a phone and dial that extension's number, it should do something. The something will depend on what is coded. Could be ring another SIP phone, add something to the database, or call a SIP phone across the world.

If you have CDR turned on, you might try looking at those records to see what kind of calls were made and from what numbers.

Make sure the sip.conf file contains the following in its [general] section to disable guests:

```
[general]
allowguest=no
bindaddr=<IP Address of the Asterisk PBX system>
deny=0.0.0.0/0.0.0.0
localnet=192.168.1.0/24 ; If that is the local network where the Asterisk PBX system is connected to
permit=192.168.1.0/24 ; If that is the local network where the Asterisk PBX system is connected to
```
I am sure others will come up with better solutions.
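The CDR review suggested above can be done offline on the mounted drive. This is an added example, not part of any post in the thread: it assumes the default cdr_csv column order (Master.csv) and that international numbers are dialled with a `00`, `011` or `+` prefix, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Default cdr_csv column order in Master.csv (assumed; adjust if customised).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags", "uniqueid", "userfield"]
# Assumption: international numbers are dialled with one of these prefixes.
INTL_PREFIXES = ("00", "011", "+")

# Constructed sample records (not from the thread).
SAMPLE = '''\
"","1001","200","internal","""Alice"" <1001>","SIP/1001-00000001","SIP/200-00000002","Dial","SIP/200","2015-03-01 09:12:00","2015-03-01 09:12:05","2015-03-01 09:13:05",65,60,"ANSWERED","DOCUMENTATION","1.1",""
"","5000","0044123456789","default","5000","SIP/203.0.113.5-00000010","SIP/trunk-00000011","Dial","SIP/trunk/0044123456789","2015-03-02 02:10:00","2015-03-02 02:10:08","2015-03-02 02:40:08",1808,1800,"ANSWERED","DOCUMENTATION","2.1",""
"","5000","0053123456789","default","5000","SIP/203.0.113.5-00000012","SIP/trunk-00000013","Dial","SIP/trunk/0053123456789","2015-03-02 02:41:00","2015-03-02 02:41:10","2015-03-02 03:01:10",1210,1200,"ANSWERED","DOCUMENTATION","2.2",""
"","5000","0053123456789","default","5000","SIP/203.0.113.5-00000014","","Dial","SIP/trunk/0053123456789","2015-03-02 03:02:00","","2015-03-02 03:02:30",30,0,"NO ANSWER","DOCUMENTATION","2.3",""
'''

def parse_cdr(text):
    """Yield one dict per CDR row, skipping truncated lines."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 16:
            yield dict(zip(FIELDS, row))

def summarize(records, prefixes=INTL_PREFIXES):
    """Total answered international calls per (caller number, source channel)."""
    totals = defaultdict(lambda: {"calls": 0, "billsec": 0, "first": None,
                                  "last": None, "dsts": set()})
    for r in records:
        if r["disposition"] != "ANSWERED" or not r["dst"].startswith(prefixes):
            continue
        # "SIP/1001-0000002a" -> "SIP/1001": drop the per-call suffix
        source = r["channel"].rsplit("-", 1)[0]
        t = totals[(r["src"], source)]
        t["calls"] += 1
        t["billsec"] += int(r["billsec"] or 0)
        t["first"] = min(filter(None, (t["first"], r["start"])))
        t["last"] = max(filter(None, (t["last"], r["start"])))
        t["dsts"].add(r["dst"])
    return dict(totals)

if __name__ == "__main__":
    # On a real drive, read var/log/asterisk/cdr-csv/Master.csv (default path).
    rows = sorted(summarize(parse_cdr(SAMPLE)).items(),
                  key=lambda kv: -kv[1]["billsec"])
    for (src, source), t in rows:
        print(f"{src:>8} {source:<22} calls={t['calls']} min={t['billsec'] // 60} "
              f"{t['first']} .. {t['last']} dsts={sorted(t['dsts'])}")
```

A source channel that is an IP address rather than a configured peer name, combined with long answered calls at odd hours, is the pattern to compare against the "full" log and the sip.conf peers.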

Great thanx for responses guys :smile: