Someone making outbound calls with my server?

So I've ran into a problem recently where extensions that I know are in use and show they are logged in from my IP are making massive outbound calls, I was hoping someone could help me out with this and explain what could be happening... I know there are hackers out there who love to get a hold of machines and place outbound calls to overseas because for my server it's a long distance or even local call where as to them it would be international, but nobody wants them getting in and using their stuff. So here is the message I am getting -

[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:1] AGI("SIP/", "agi-DID_route.agi") in new stack
[Mar 1 06:09:18] -- Launched AGI Script /usr/share/asterisk/agi-bin/agi-DID_route.agi
[Mar 1 06:09:18] -- <SIP/>AGI Script agi-DID_route.agi completed, returning 0
[Mar 1 06:09:18] -- Executing [555900972595078311@trunkinbound:2] Hangup("SIP/", "") in new stack
[Mar 1 06:09:18] == Spawn extension (trunkinbound, 555900972595078311, 2) exited non-zero on 'SIP/'
[Mar 1 06:09:18] -- Executing [h@trunkinbound:1] AGI("SIP/", "agi://") in new stack
[Mar 1 06:09:18] -- <SIP/>AGI Script agi:// ... ---------- completed, returning 0

This is after I have removed the phone extensions that were making the outbound calls.

WIth this being said, I have Asterisk built by abuild @ build32 on a x86_64 running Linux (Vicibox Install)

I'm not sure how to stop it dialing like this...


Active member
darkeye08 - Active member  
Hi Good day!

The logs you send shows calls coming from trunkinbound which is an inbound call, the outbound call usually goes to the default context. Just want to ask if this happens every time an agent was login? or if this happens even there is no one uses the server? If it is the latter you can check the list enabled in the system as their might be uploaded test leads.

Hope this helps. Cheers!
close button