Seems like someone was able to get access to my elastix box which runs on a vps. The box itself was not used to make call but the accesscodes to some trunks were used. This happened twice now in 10 days time. After the first time all passwords were changed but still 2 days ago I saw misuse. Since I only use prepaid the amount is not huge but stil it cost me money. Fail2ban has been installed by the provider. My only concern is that the standard mysql password used by elastix is still in place. How can I change this. I am still on version 2.0.0 and in another thread I asked how I can update to a newer version 2.0.x as this might help to close some gaps there might be. Otherwise I don't know what to do or can I get paid support for someone to look into the box and make it more secure.