Enterprise-Grade Security for VoIP Infrastructure
PBXShield combines a lightweight, powerful local agent with an intelligent cloud dashboard to detect, prevent, and audit security threats on Asterisk, FreePBX, Vicidial, and more.
Complete Protection
Everything you need to secure your PBX fleet
Real-Time Security Monitoring
Live tailing of
/var/log/asterisk/full
and web logs. Instantly detect RCE attempts in Nginx/Apache and
automatically handle log rotations with smart inode tracking.
Universal Firewall Integration
Automatically detects and integrates with your existing firewall. Supports Fail2Ban (with jail detection), Firewalld, UFW, and raw IPTables. AuditOnly mode available.
Global Threat Intel
Stay ahead of attackers with cloud-synced blacklists. PBXShield automatically fetches community intelligence (like VoIPBL) and applies it to your edge firewalls instantly.
Active Defense
Precision Threat Detection
Our deep-packet and log analysis engines identify complex attack vectors that traditional firewalls miss.
SIP Scanners
Detects "No matching endpoint" errors to block reconnaissance bots.
AMI Brute Force
Blocks manager authentication failures and unauthorized ACL attempts.
Web RCE & Path Traversal
Detects directory traversal and code injection (eval, system) against PBX web interfaces.
Toll Fraud
Identifies suspicious long-distance or international calling patterns instantly.
Trunk & Extension Offline
Monitors connectivity of SIP/IAX2 trunks and endpoints, alerting on downtime.
Protocol Errors
Catches WebRTC (SRTP/WebSocket) issues, SSL/TLS shutdown failures, and Nginx 444 drops.
Continuous Security Audits
PBXShield doesn't just block attacks; it proactively audits your system for vulnerabilities. Structured audit results are reported securely to your cloud dashboard.
FIM & Web Shells
File Integrity Monitoring tracks unauthorized changes to web roots. Scans for malicious PHP web shells.
Weak Credentials
Checks PJSIP/legacy SIP passwords and FreePBX admin credentials against known weak patterns.
System Integrity
Detects unauthorized SUID binaries, ghost processes, and malicious cron jobs/startup scripts.
Access & Privilege
Monitors SSH authorized_keys, suspicious database users, and unauthorized Asterisk Manager Interface (AMI) users.
Zero-Maintenance Architecture
Our agent is built to be invisible to your PBX engine. It updates itself securely with dual-key Ed25519 signature verification, SHA256 checksums, and TLS certificate pinning—with built-in rollback support.
- Smart Filtering (Sends only Warning/Critical audits)
- Respects Server Maintenance Windows
- Asterisk Health Check & Service Monitoring
Supported Platforms
Ready to secure your PBX infrastructure?
Deploy PBXShield in under 5 minutes. No complex configuration required. Let our platform defend your nodes while you focus on your business.