I have allowguest=no; alwaysauthreject=yes in the IAX and SIP general custom conf.
I remember now I put it there when I first set it up.
I think what I am trying to say is that because asterisk is software it has to constantly be updated and maintained, whereas a hardware PBX on the wall just does it's job year after year without any bother.
I admit that I am not clued up enough (yet) to setup asterisk from scratch and create a secure dialplan or even what a secure dialplan looks like so I have to rely on the likes of Elastix trixbox and PIAF to make sure their dialplans are secure and if they can't get it right what hope do I have.
I do however know my way around computers and networking in general and believe i have followed basic security measures.
FYI I have read somewhere that Fail2ban can be got through with a hacking tool because it is too slow to react.
So just goes to show nothing is safe for long.
Keeping your box invisible to the internet I believe is the most important thing, if they don't know your there they can't hack you.
I have been talking to 2talk and they confirmed the calls came from their upstream provider through the PSTN network, so will make tracking back to them difficult. I would really like to find them and beat them with a stick LOL.
My trixbox could have been hack with a simple Telecom landline, no fancy hacking tools needed.
I only ever have $10 to $20 on my 2talk account anyway so they will never get much out of me.