We have a Trixbox and its just been hacked, we have the trixbox on VMWare running on our server, the trixbox was on its own public IP but on same network as the server, i.e. 192.168.0.1 server and 192.168.0.100 trixbox. The hacker has it seems created an new extenstion (200) and been connecting to this extension and making international calls. The trixbox was locked down to only allow traffic on UDP (all ports).
Can anyone help and assist in:
A. How do I check my config to see if there are open/security wholes
B. Can I run a report and get IP addresses of the user who connected in?
C. Is it safe to have the trixbox on the same server
D. Can i find out how the user got connected?