Blocking robocalls with duplicate incoming calls

Is there a way to configure FreePBX to block incoming calls that are duplicated within seconds? I tried searching and couldn’t find anything but if there is another post that you are aware of that discusses this please let me know!

For example, the call entry below was a robocall that came in this morning and just about every other robocall I get on this system shows the same behavior - one call followed by a second one immediately. While I can keep blacklisting the numbers that’s just a game of whack-a-mole. If I can outright block this type of incoming behavior it would make life way easier.

Call Date/Time
2022-05-25 17:15:07
2022-05-25 17:15:33

This appears to be a robocall thing, the second call goes to your vm to leave a recording while you’re dealing with the first call. Allow list will stop this, challenge all calls into the system that come from unrecognized sources. Otherwise you could use dyroutes with an SQL query that looks for any recent inbound calls in the CDR from the same source.

Allowlist would require me to compile a list of known numbers to accept but since I don’t have an IVR I don’t know how I could challenge the unknown numbers. Also, managing an allowlist like that would have a high overhead as well.

I was hoping there was something more automated to detect this behavior and kill it, similar to your second recommendation though I have no idea how to accomplish that. Is that documented anywhere as to how to do so?

I use allowlist and it’s self managing. All inbound calls go to an IVR, if the caller successfully gets thru the IVR, their CID is added to the allowlist so they can skip the next time. All outbound numbers get added automatically as well.

I don’t think dynroutes is the answer here, at best it will only block the second call but you are still left with the first call to deal with manually.

A start on the SQL query to see if there have been any calls maching CID in the previous 30 seconds:

select count(*) from cel where `cid_num` like "${CALLERID(number)}" AND `eventtime` > NOW() - INTERVAL 30 SECOND; 

result will be 0 if there are no matches, otherwise non-zero.

The issue also is I don’t have an IVR running for inbound. This system is mostly used for a small remote office that has two incoming DID’s and some inbound/outbound fax configurations. Any ideas on if this could be possible without an IVR?

this would also nuke / block anybody who:

  • calls
    *realizes they have to sneeze
    *hangs up, calls back

and anyone who calls, gets a Busy, and dials again.

I like the allowlist far better than blocking any repeat callers.

My thinking is that no human is going to repeatedly call back in less than 0.3 seconds? Every call log I see has the second call between 00:00:22 and 00:00:27 from the first call

thats fair. your initial example had a 26 second difference between calls though, which is where I came from on this.

Yes you are right. I had my placements wrong so that would be 22-27 seconds. My bad on that. But yea I wish there was a simple (non management intensive) way to block these robocallers as I have yet to figure something out.

Technically speaking a fail-2-ban rule could be written to do this.

1 Like

Goto Sip settings and disable anonymous calls,
Use firewall and allow your static ip along with fail2ban,
If still happens make a dummy IVR and add verification on it like “if you are not a robot please press 1” and direct call to your destination.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.