Yesterday I modified my freeswitch config to allow phone registration over the WAN for a very specific and short-term use case.   You may remember a warning about this in my FreeSWITCH presentation - this open registration is a big no-no. You can probably see where this is going.

Not being entirely foolish, I introduced an ACL to limit it to my household IP - or so I thought! The ACL I modified had a default "allow" policy (woops!!). Within 2 hours, I had hackers trying to authenticate.  Within 24 hours, they were making calls to the Caribbean and Palestine!

I'm still doing a postmortem to see exactly how they were able to register - the accounts they were able to use did not (and still do not) exist in my dialplan.  That one's a headscratcher.  It's probably a goofy config on my part.  At worst, there was a freeswitch exploit used.

Luckily les.net has some very good piracy detection, and they were able to turn off my service before I had any serious financial impact - I'm out about 25 cents.

Moral of the story- don't open your PBX's internal registration to the internet - even if you think you know what you're doing ;)