Avoid / Ban redundant bot callers on Raspbx

Hello

My RASPBX is often receiving calls from bots that change / mix their caller IDs.

I would like to ban these redundant calls. Is there an automated way to detect this kind of call and avoid them?

To limit the impact, I was thinking about restricting all incoming calls to my country code.
Can someone tell me how I set up RASPBX with the GUI to do so?

Attached below is a log example showing the bot attacks:

Many thanks for your help,
Regards,

Do you have 5060 open?

If you insist on keeping it open, you can block these calls by setting an inbound route which looks for this CID: _8XX0010930115138

I have these NAT rules for the RASPBX service:

TCP 10000-10100
UDP 5052
UDP 5053

Do I have to create a new inbound route with destination ‘hangup’?

Can you explain to me what _8XX does exactly?

This kind of rule bans this ID, but for sure I am going to receive more bot calls in the future.
I have almost 1 attack like this per day and really don’t know how to definitively avoid them.

Is there an easy way to ban them from a softphone, to route them to trash as soon as possible without the need to connect to the RASPBX GUI?

Are these ports open to the public?

It is.

If these “bots” are calling your number, then there’s nothing really you can do besides creating hangup rules.
But if they are calling your PBX via SIP connections then you can just restrict access.

The ports are indeed open to the public (NAT to the RASPBX device).
I need them open to let RASPBX connect to my remote SIP account provided by ovh.com.

What do the “_” and 8XX characters mean in the ban string?

For now, my RASPBX is almost unusable since bots attack it almost every day at 3 or 5 minute intervals.

It will take me time to ban a new and different CID every day; I’m most of the time in the field without the immediate possibility to write a ban rule straight away to stop them.

We’ve been violently debating this for the past week or so. The short answer is “No”, but of course, it’s not the complete answer.

Have you checked to make sure guest and anonymous calls are disallowed?

Can you explain to me the difference between ‘anonymous’ and ‘guest’ calls?

Actually I don’t know how to disable them.
Would you please tell me how to do it?

Ask them for their IPs and allow access from their IPs only; you shouldn’t have any trouble going forward… (if it’s actually as you describe it)

However, best if you can lock it down as mentioned.

Explore your gui more deeply, it’s all in there :wink:

I will.
Can someone explain what these characters mean when placed into the inbound ban string?

“_”

and

“8XX”

https://wiki.asterisk.org/wiki/display/AST/Patt

Again. If you restrict your ports, you will probably not need this.

Yes, I will try to allow only the OVH provider IP on the ports used by RASPBX.

But I think I have to accept the IP(s) of my remote softphones; if not, they would no longer be able to place and receive calls.

I’m not very comfortable with iptables. Does someone have an example of a rule that would let only some IPs pass?

Hi, in addition to what has been already mentioned above, here is a quick summary of what I did on my Raspbx.

  1. Firstly, disallow guest and anonymous SIP calls as already suggested above.
  2. Set ACLs on your trunks so that SIP connections are locked down to VSPs’ addresses as already suggested above.
  3. On my ISP gateway/router drop all traffic apart from anything coming from your SIP providers.
  4. Add iptables rules to accept only SIP requests coming from ISP addresses and which are specifically addressed with my SIP credentials (hopefully, which only my ISP knows).

As mentioned above, if someone decides to keep calling you (and pay for it) there is little you can do apart from blacklisting that caller.
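An added example (not from any poster in this thread) of the source-address allowlist asked for above: a POSIX shell function that prints, without applying, the iptables commands for review. The UDP ports are the ones from the NAT rules quoted earlier; the chain name `SIP_ALLOW` and the 203.0.113.x addresses are constructed placeholders to be replaced with the provider's and softphones' real addresses.

```shell
#!/bin/sh
# Prints (does not apply) iptables commands that admit SIP signalling only from
# an allowlist. All addresses used here are constructed placeholders.

is_ipv4_cidr() {
  # Accept a.b.c.d or a.b.c.d/len only, so a typo never becomes a rule.
  case $1 in *[!0-9./]*) return 1 ;; esac
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
  old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
  for octet in "$1" "$2" "$3" "$4"; do
    [ "$octet" -le 255 ] || return 1
  done
}

gen_sip_allowlist() {
  ports=$1; shift
  case $ports in ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 1 ;; esac
  # An empty allowlist would leave only the DROP rule and cut off the trunk.
  [ $# -gt 0 ] || { echo "empty allowlist, nothing emitted" >&2; return 1; }
  # Validate everything first so a partial rule set is never printed.
  for src in "$@"; do
    is_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
  done
  echo "iptables -N SIP_ALLOW"
  for src in "$@"; do
    echo "iptables -A SIP_ALLOW -s $src -j ACCEPT"
  done
  echo "iptables -A SIP_ALLOW -j DROP"
  # Inserted at the top of INPUT so no earlier rule accepts the packet first.
  echo "iptables -I INPUT -p udp -m multiport --dports $ports -j SIP_ALLOW"
}

# 203.0.113.10 stands in for the provider, 203.0.113.64/26 for a softphone network.
gen_sip_allowlist "5052,5053" 203.0.113.10 203.0.113.64/26
```

Read the printed rules before running them as root; rules added this way last only until the next reboot unless they are saved.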

I look at the timing: every 2 sec. That’s a computer trying to hack into your system. Close (or change) your ports and go to Settings > Advanced Settings > (look for) Dial Options and remove any t [T t] that may be in the option.

If you are registering to your provider, you do NOT need to open any ports, and should not do so. If you’re not registering to your provider, see if your provider allows you to do so, and then stop opening the ports.

The best automated way to block robocalls is an IVR. If you don’t need or want an IVR, the next best way is a whitelist module.

It would be very simple: All calls that come in, that would normally go to a specific ring group, go to an auto attendant instead. Once a caller successfully navigates the auto attendant (proving that they are a human and not a robot), their CID is added to the whitelist, and so in the future, they will be routed directly to the office main ring group.

Unfortunately, that module does not presently exist. I opened a feature suggestion for it several years ago. If you believe that the module might be helpful, I suggest that you leave a comment here:

https://issues.freepbx.org/browse/FREEPBX-14488

8 means the number 8.
X means any number.
The _ at the beginning is required anytime you use the X.

Dicko’s claim that the GUI explains all this is not quite accurate. The GUI does contain hints about these things, but they’re hard to find and not in the right place for your purposes.

You have to hover or click on the ? mark next to the correct entry. In the case of the CID Field on the Inbound Routes module, there’s no mention of pattern matching at all. If you click on the DID entry, there is a mention of them, but no indication that it also works in the CID field. You just have to know about it.

You can find more details about pattern matching in the Dialed Number Manipulation Rules in the Trunk settings, but again, there’s no mention that the same rules apply in the CID field in the Inbound Routes Module.

And to make things more confusing, the Trunk Module automatically adds the _ at the beginning (without telling you or showing it to you), so you’d have no idea that the _ was required in the CID field in order for pattern matching to work there, unless you happened to see it when reading the ? on the DID field, knew what it was all about, and tried it on the CID field.
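An added sketch of the matching rules explained above (not part of any post and not Asterisk's own code): a POSIX shell function, here called `ast_match`, that translates a dialplan pattern into a shell glob and tests a caller ID against it. It goes slightly beyond the thread by also handling Z, N, `[set]`, `.` and `!`; the caller IDs in the loop are constructed.

```shell
#!/bin/sh
# ast_match PATTERN VALUE -> 0 if VALUE matches, 1 if not, 2 if PATTERN is unsupported.
# Tokens handled: X (0-9), Z (1-9), N (2-9), [set], "." (one or more of anything),
# "!" (zero or more). Uppercase letters only; other dialplan syntax returns 2.
ast_match() {
  pat=$1; val=$2; glob=''; close=']'
  case $pat in
    _*) rest=${pat#_} ;;
    *)  [ "$pat" = "$val" ]; return ;;   # no "_": X is just the letter X
  esac
  while [ -n "$rest" ]; do
    c=${rest%"${rest#?}"}; rest=${rest#?}   # take the first character
    case $c in
      X) glob="${glob}[0-9]" ;;
      Z) glob="${glob}[1-9]" ;;
      N) glob="${glob}[2-9]" ;;
      .) glob="${glob}?*" ;;
      '!') glob="${glob}*" ;;
      '[') cls=${rest%%"$close"*}
           [ "$cls" != "$rest" ] || return 2           # unterminated set
           case $cls in ''|*[!0-9-]*) return 2 ;; esac  # digits and ranges only
           glob="${glob}[$cls]"; rest=${rest#*"$close"} ;;
      [0-9+#]) glob="${glob}$c" ;;
      *) return 2 ;;
    esac
  done
  case $val in $glob) return 0 ;; *) return 1 ;; esac
}

# Constructed caller IDs: the first two differ only in the digits covered by XX.
for cid in 8120010930115138 8990010930115138 8120010930115139 5550100; do
  if ast_match _8XX0010930115138 "$cid"; then
    echo "$cid  matches the hangup route"
  else
    echo "$cid  normal routing"
  fi
done
```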

Have any of you guys actually read the wiki (linked above)? It will give you a lot more information than the “GUI help”. If you need more information on how Asterisk handles regexes (not very well), you will all be better armed.

http://the-asterisk-book.com/1.6/einleitung-regex.html

and

http://asterisk-service.com/downloads/Asterisk-%20The%20Definitive%20Guide,%204th%20Edition.pdf

both set out how the dialplan interprets “wild cards”

(I seriously suggest everyone here considers this last one “required reading”)
