Yesterday I modified my freeswitch config to allow phone registration over the WAN for a very specific and short-term use case. You may remember a warning about this in my FreeSWITCH presentation - this open registration is a big no-no. You can probably see where this is going.
Not being entirely foolish, I introduced an ACL to limit it to my household IP - or so I thought! The ACL I modified had a default "allow" policy (woops!!). Within 2 hours, I had hackers trying to authenticate. Within 24 hours, they were making calls to the Caribbean and Palestine!
I'm still doing a postmortem to see exactly how they were able to register - the accounts they were able to use did not (and still do not) exist in my dialplan. That one's a headscratcher. It's probably a goofy config on my part. At worst, there was a freeswitch exploit used.
Luckily les.net has some very good piracy detection, and they were able to turn off my service before I had any serious financial impact - I'm out about 25 cents.
Moral of the story- don't open your PBX's internal registration to the internet - even if you think you know what you're doing ;)