I have not checked our landline bill (twin POTS lines), but let me restart this thread with additional info gathered today. I said the phones kept resetting their BLF fields. But two of them mysteriously reset, halfway, so to speak. Two other extensions were completely reset; all BLFs said the same extension number as the phone.

The only change occurring before this happened, but not in close proximity really, like a couple of weeks, was going from pure digital via WAN cable connection to a Grandstream GXW-4104 FXO gateway. The gateway has the WAN light lit, not the LAN light, but from the instructions it is supposed to use the WAN port to communicate over the switch to the PBX. I, without reading instructions, would assume going out on a landline it would use the LAN port to stay local, but I followed the 3CX instructions.

Now, the 5th extension, the final one, is a Handytone 286 FXS converter providing the ability to use two cordless DECT phones. I bring this up because I am wondering about all devices on the network, the FXO gateway, the Handytone converters, and the 4 Cisco 504Gs: do the phones themselves provide a path for a hacker to get into the PC or to make calls if the admin interfaces were left at factory settings for passwords? I had forgotten about the possibility of the phones being entrances for malicious activity.

One thing which doesn't make sense is some of the logs. I have one on a thumb drive here; later, when I work, I will grab the other one I documented, which seems far stranger. What is being shown is a very beginning log after the V11 install on the same network as the other 3CX machine. I simply have 1 extension entered, no trunks or anything tied in, just a bare minimal install, and I was wondering if you could have a look and tell me if the lines I circle are normal or if anything odd is there. I would appreciate it. Thank you.