Indeed but I wasn't trying to warn you about that specific REST API exploit, rather I was cautioning you about the one that will only become known two minutes, two months or two years from now and who knows what it needs to be exposed to be exploited... perhaps one of the ports you have exposed :)
WeirdOneTwoThree
No but they can if the system is improperly configured or the system is changed to be badly configured so a better answer is "maybe". Just because they can't today doesn't mean they won't be able to tomorrow or next week (see below).
Exposing the SIP port to the world will quickly have them knocking on your door and twisting the doorknob to see if it is locked, all night, all day, every day, forever... consuming bandwidth and system resources.
If you enable the “Responsive” firewall features then attackers (identified by connection attempts with the wrong credentials) get shunned (ignored, packets dropped) after a couple of login attempts for a configurable length of time which sounds good but with a recent exploit they were somehow able to turn off the firewall remotely and start exploiting systems so it's something you have to manage carefully. Be careful when configuring the responsive firewall as it's not uncommon for someone to lock themselves out of their own system.
Consider installing a Session Border Controller (SBC) for more security.
Such a setup is easily achieved but has nothing to do with what the call terminates on, be it a VoIP set or an ATA pretending to be a VoIP set. I've seen carriers that provide an IVR to allow the customers to add numbers to a blacklist and the vertical service code to access and use that could be accessed from any set (including an ATA).
100 extensions even at $10/each is $1000/month. You can buy a small on-premises system for less than that and pay for all the sets with the monthly fees from month 2 and 3; then you can subscribe to the VoIP carrier of your choice for next to nothing and not be beholden to anyone, even add a good ole copper POTS line or two as backup diversification in the event your Internet isn't working. Seems like this is clearly a case where paying per seat gets pricey fast.
I heard it suggested in the past that sending telemarketer calls to a SIT VC (Vacant code) tone would result in their automatic robot-dialers recognizing this as a disconnected or not in service number and quickly deleting it from their database but if the calls you are targeting are coming from low-budget scammers doing the dialing themselves without the more sophisticated autodial equipment that would understand a SIT then likely not to be as effective. With one employer (who I now haven't worked for in years) we had enough trouble with telemarketer calls we programmed an extension with an announce-only mailbox to emit a SIT VC and recording such that we could just one button transfer the calls to it and make them go away.
All depends on the REN (Ringer Equivalency Number) of the ATA and connected phones. Each phone usually has a REN number, often indicated on the information placard or sticker on the bottom of the phone. If the ATA supports 3 REN, then that is 3 normal phones with a REN of 1 or 2 REN 1.5 or 1 REN 3. All of the phones on the line should not add up to more than the REN rating of the ATA or incoming calls get auto-answered and immediately hung up on as the line draws enough ringer current for the ATA to believe that one of the phones has gone off-hook.
Just wondering how you got along with this and if I can be of any further help to you in getting it set up?
Even if they burn down, roll over and then sink into the swamp you can still get them from their upstream carrier.
That phone (often or always) comes out of the box set up to connect to the Yealink provisioning service (which yes will give you dial tone) but it has nothing to do with your SIP service you want to use or any dial tone that's useful for making calls.
To reset your T4 series handset, ensure your phone is at idle (no calls in progress, or any notifications for voicemail, etc.). Press and hold the OK key for about 8 seconds, until you receive the 'Reset to Factory' prompt, then press OK to confirm the reset.
If it just reconfigures the same way then you have to contact Yealink and get them to remove it so you can configure the phone manually the way you want to. I think you might be able to get into it for a short time after resetting it with the standard admin/admin login and then turn off auto-provisioning but when I did that it still went back to the provisioning service eventually until I asked Yealink to exempt it.
Cisco phones you need a dedicated server in an enterprise environment
Not entirely true, I have gotten them to work nicely with FreePBX but it's probably not how you want to be spending your day and they are meant for a Cisco server so you have to manually create some required configuration files, etc.
VOIP service from my service provider
I'm thinking you might not have a VoIP service to use this phone with because you say you converted your phone to digital and plugging a standard phone into the FON port works. Also, that you expected it might work out of the box without any configuration leads me to think you don't have a VoIP service, just what your provider calls digital, and digital does not always mean SIP (at least not a SIP service you can use except by plugging in an ancient analogue phone).
In any event, if you did purchase a SIP service from someone they will have given you the information you need to configure that phone to work with it.
Yeah, that's a trivial thing to set up. Just buy SIP service from someone like and a local DID in the same calling area as the restaurant ($1.25/month). When they want you to handle their calls they just forward their main number to your DID and when they don't want to send you calls they just unforward it. Could even program buttons on their phone to dial the vertical service code and number to activate and deactivate this.
Why forward instead of porting the number? Well I assume the restaurant wants to keep ownership of the number and there is always the issue like the fiber optic link to Pakistan got severed by a fishing trawler or an earthquake.
You might want to consider the commercial version of FreePBX (and even the corresponding supported hardware if you like), I'm not allowed to mention it by name directly due to crazy overzealous enforcement of Rule #1 I will never understand. In any event, having used both I find it is quite a bit nicer than FreePBX because it comes with so many additional and useful modules although the HA failover capability is an extra cost option but I think it's also a "hands off" or automatic thing so if the primary system fails the second one takes over without someone having to do something to make that happen.
The device you mention is basically the same thing but with a different skin that will take more getting used to, by using the commercial version of FreePBX you would basically have what you have now except a little more (but still totally familiar) and running on modern, supported hardware.
What you suggest will of course do exactly the same thing but have more of a learning curve.