Google voice - incoming calls from 100?

So not even sure that description is accurate. I added google voice as an inbound and outbound route a few days ago. Starting today around 4 PM, I’ve been getting a ‘call’ from 100/100 (Name / CID) every 25 minutes:
(Pacific time)
418
443
508
534
559
625
652

And so on.

/var/log/asterisk/full.log shows nothing when these come in.

Only thing I can think of is google voice. But everything in GV is set to DND - and Google talk is set to never ring.

I guess I’ll try disabling it and see, but for the night I’m unplugging the phone, and obviously nothing that I see is logged. Any clues on what to look for? Anyone encountered this?

I have an incoming route from flowroute and a google voice trunk / route. Not sure what other information is needed to provide…

Thanks!

ATA is a Grandstream HT702. Not sure if that’s causing it. Happened again with GV trunk disabled.

This seems like someone is poking your server with SIP calls trying different combinations of extensions/passwords. I’m assuming your port 5060 is open. You should set “Allow SIP guests” and “Allow anonymous inbound SIP calls” to NO in advanced SIP settings. If your asterisk is 1.8 you won’t see the IP address from which those calls are coming in /var/log/asterisk/full.log. However, with asterisk 11 those should be visible in /var/log/asterisk/security.log and you can act further on them (say ban those IPs with fail2ban if you wish). Closing port 5060 is also an option of course if you can do that.

Hi,

Thanks for the reply. I’m running asterisk 11.6.0 and allow sip guests and allow anon inbound sip calls are both no. I have no /var/log/asterisk/security.log ?

Thanks.

drwxrwxr-x. 4 asterisk asterisk 4096 Dec 9 04:19 .
drwxr-xr-x. 9 root root 4096 Dec 8 03:40 ..
drwxrwxr-x. 2 asterisk asterisk 4096 Oct 21 11:44 cdr-csv
drwxrwxr-x. 2 asterisk asterisk 4096 Oct 21 11:44 cdr-custom
-rw-rw-r--. 1 asterisk asterisk 76994661 Dec 10 06:44 freepbx_dbug
-rw-rw-r--. 1 asterisk asterisk 224973 Nov 4 23:23 freepbx_debug
-rw-rw-r--. 1 asterisk asterisk 1123768 Dec 10 06:44 freepbx.log
-rw-rw-r-- 1 asterisk asterisk 625340 Dec 10 06:44 full
-rw-rw-r--. 1 asterisk asterisk 56860141 Dec 9 04:19 full-20131209
-rw-rw-r--. 1 asterisk asterisk 7190 Dec 10 06:44 queue_log

You won’t since security log is a new feature that started with asterisk 10 I believe. Unless you want to upgrade (and you should since 1.6 is EOL) you won’t get it.

Oh sorry I misread. You are on 11.6. There is a module in freepbx that allows you to change what is logged. Make sure you are logging security events into a separate log.

Ensure your system is up to date and then check Settings -> Asterisk logfile settings. You can enable the security log level for your existing full log, or create a new custom log. You can also manage fail2ban (block IPs) in freepbx under admin -> system admin -> intrusion detection

Thanks for the reply… I don’t see any Security log setting? And under Admin, I don’t have a System Admin? Don’t see System Admin or Intrusion detection anywhere.

That would help with other attempts though so would be nice to add that if possible!

So I don’t know if this is a different issue - I’d be happy to create a new thread, but I’m seeing this a lot in the log:

[2013-12-09 07:21:07] NOTICE[1581][C-00000533] chan_sip.c: Failed to authenticate device 1011sip:[email protected];tag=f8d7b834
[2013-12-09 07:36:03] NOTICE[1581][C-00000534] chan_sip.c: Failed to authenticate device 1011sip:[email protected];tag=fd8a5ddd
[2013-12-09 07:51:06] NOTICE[1581][C-00000535] chan_sip.c: Failed to authenticate device 1011sip:[email protected];tag=5fffb0b0
[2013-12-09 08:05:41] NOTICE[1581][C-00000536] chan_sip.c: Failed to authenticate device 111111sip:[email protected];tag=18d83f46
[2013-12-09 08:20:44] NOTICE[1581][C-00000537] chan_sip.c: Failed to authenticate device 111111sip:[email protected];tag=0a052856
[2013-12-09 08:36:21] NOTICE[1581][C-00000538] chan_sip.c: Failed to authenticate device 111111sip:[email protected];tag=e9b1b60a
[2013-12-09 08:52:49] NOTICE[1581][C-00000539] chan_sip.c: Failed to authenticate device 7107sip:[email protected];tag=5f9bd92c
[2013-12-09 09:08:50] NOTICE[1581][C-0000053a] chan_sip.c: Failed to authenticate device 7107sip:[email protected];tag=536bda1d
[2013-12-09 09:26:02] NOTICE[1581][C-0000053b] chan_sip.c: Failed to authenticate device 7107sip:[email protected];tag=78ecf997
[2013-12-09 10:02:22] NOTICE[1581][C-0000053d] chan_sip.c: Failed to authenticate device 300sip:[email protected];tag=17986154
[2013-12-09 10:21:13] NOTICE[1581][C-0000053e] chan_sip.c: Failed to authenticate device 300sip:[email protected];tag=b9c51b0e
[2013-12-09 10:42:07] NOTICE[1581][C-0000053f] chan_sip.c: Failed to authenticate device 9000sip:[email protected];tag=dc733d4d
[2013-12-09 11:02:23] NOTICE[1581][C-00000540] chan_sip.c: Failed to authenticate device 9000sip:[email protected];tag=af4b12e0
[2013-12-09 11:21:48] NOTICE[1581][C-00000541] chan_sip.c: Failed to authenticate device 9000sip:[email protected];tag=b85a70ee
[2013-12-09 11:43:02] NOTICE[1581][C-00000542] chan_sip.c: Failed to authenticate device 1223sip:[email protected];tag=6be33b9f
[2013-12-09 12:02:52] NOTICE[1581][C-00000543] chan_sip.c: Failed to authenticate device 1223sip:[email protected];tag=ae87223e
[2013-12-09 12:24:14] NOTICE[1581][C-00000544] chan_sip.c: Failed to authenticate device 1223sip:[email protected];tag=4e5b04f6
[2013-12-09 12:29:48] NOTICE[1581][C-00000545] chan_sip.c: Failed to authenticate device 1001sip:[email protected];tag=c8038b0e
[2013-12-09 12:29:56] NOTICE[1581][C-00000546] chan_sip.c: Failed to authenticate device 1000sip:[email protected];tag=7ed42832
[2013-12-09 12:42:48] NOTICE[1581][C-00000547] chan_sip.c: Failed to authenticate device 1033sip:[email protected];tag=6cce4409
[2013-12-09 13:02:07] NOTICE[1581][C-00000548] chan_sip.c: Failed to authenticate device 1033sip:[email protected];tag=140f61b8
[2013-12-09 13:10:53] NOTICE[1581][C-00000549] chan_sip.c: Failed to authenticate device 400sip:[email protected];tag=122f8855

The IP shown is the IP of the server…

So it looks like the forum didn’t like the brackets… so
The log line is:

[2013-12-09 11:02:23] NOTICE[1581][C-00000540] chan_sip.c: Failed to authenticate device 9000 Left Bracket sip:[email protected] Right Bracket ;tag=af4b12e0
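One way to summarize the "Failed to authenticate device" lines posted above, as an added example that is not part of the original thread. The sample lines are constructed from the format quoted in the post with the angle brackets restored; 192.0.2.10 is a placeholder for the PBX's own address, and the user part of each SIP URI is assumed to equal the attempted extension.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the chan_sip format quoted in the thread. 192.0.2.10
# is a placeholder for the PBX's own address (the poster notes the logged IP
# is the server's); the URI user part is an assumption.
SAMPLE_LOG = """\
[2013-12-09 07:21:07] NOTICE[1581][C-00000533] chan_sip.c: Failed to authenticate device 1011<sip:1011@192.0.2.10>;tag=f8d7b834
[2013-12-09 07:36:03] NOTICE[1581][C-00000534] chan_sip.c: Failed to authenticate device 1011<sip:1011@192.0.2.10>;tag=fd8a5ddd
[2013-12-09 07:51:06] NOTICE[1581][C-00000535] chan_sip.c: Failed to authenticate device 1011<sip:1011@192.0.2.10>;tag=5fffb0b0
[2013-12-09 08:05:41] NOTICE[1581][C-00000536] chan_sip.c: Failed to authenticate device 111111<sip:111111@192.0.2.10>;tag=18d83f46
[2013-12-09 08:20:44] NOTICE[1581][C-00000537] chan_sip.c: Failed to authenticate device 111111<sip:111111@192.0.2.10>;tag=0a052856
[2013-12-09 08:36:21] NOTICE[1581][C-00000538] chan_sip.c: Failed to authenticate device 111111<sip:111111@192.0.2.10>;tag=e9b1b60a
[2013-12-09 08:52:49] NOTICE[1581][C-00000539] chan_sip.c: Failed to authenticate device 7107<sip:7107@192.0.2.10>;tag=5f9bd92c
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\]\[C-[0-9a-f]+\] "
    r"chan_sip\.c: Failed to authenticate device (?P<ext>[^<\s]*)"
    r"<sip:[^@>]*@(?P<host>[^>;:]+)[^>]*>"
)

def parse(log_text):
    # Return (timestamp, attempted extension, From-URI host) per matching line.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["ext"], m["host"]))
    return events

def summarize(events, pbx_addr, min_extensions=3):
    # Several distinct extensions tried at a steady interval points to a scan.
    by_ext = defaultdict(list)
    for ts, ext, _ in events:
        by_ext[ext].append(ts)
    times = sorted(ts for ts, _, _ in events)
    gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
    return {
        "attempts_per_extension": {e: len(t) for e, t in by_ext.items()},
        "extension_scan": len(by_ext) >= min_extensions,
        "median_gap_seconds": gaps[len(gaps) // 2] if gaps else None,
        # True means the From header only echoes the PBX address, so these
        # lines cannot identify the sender; the security log is needed.
        "from_host_is_pbx": all(h == pbx_addr for _, _, h in events),
    }
```

Call `summarize(parse(open("/var/log/asterisk/full").read()), "<your PBX address>")` against the real log to get the same summary.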

Enable the commercial module repo from module admin and system admin will show itself

So attempted to install it get error:
System Admin cannot be installed:
PHP Component Zend Guard Loader is required but missing from you PHP installation.
File /usr/sbin/incrond must exist.
Please try again after the dependencies have been installed.

Googled around and found a number of links, all pointing to a FAQ on http://wiki.freepbx.org/display/FCM/Asterisk+Now+and+Other+FreePBX+System , however there I get “You are not permitted to perform this operation.”

Try to view the page again and you will be able to see what you were looking for

What the heck… So finally tried another browser. It worked. Still wouldn’t work in Chrome after 100 refreshes…

Ran the first 3 commands:

wget -P /etc/yum.repos.d/ -N http://yum.schmoozecom.net/schmooze-commercial/schmooze-commercial.repo
yum clean all
yum -y install php-5.3-zend-guard-loader sysadmin fail2ban incron ImageMagick

Rebooted.

Now, I log in - then when I click on anything, I get the ‘3 guys’ screen - Freepbx admin, user control, get support.

and module admin doesn’t work, I get

Not found
The section you requested does not exist or you do not have access to it.

So like login. Go to feature codes, get the freepbx admin / user control panel / get support screen. Click freepbx administration. Log in. Get requested screen (except module admin).

What the heck?

Run these beautiful commands on the command prompt:

chown -R asterisk:asterisk /var/lib/php/session
amportal chown
amportal a r

Sorry this is such a pain.

Oh man, thank you you are a lifesaver! LOL. Had me scared there!

So not sure if it’s my setup or something else, but I had to cd to the directory amportal was in, /usr/local/sbin, and sudo ./amportal … amportal didn’t work from another directory, sudo amportal didn’t work from another directory. From IN /usr/local/sbin sudo amportal … didn’t work. Just really odd. Just in case anyone else runs across that :)

Thanks!

And - not sure if this tells you anything, but today - NO calls from the odd caller ID. Until I ran the above commands - then literally 2 minutes later, a call from 2000000 / 200 0000 (name / Number) . I wasn’t home but based the no calls today on my caller ID on the phone…

Do you perhaps have allow anonymous sip set to true in freepbx > advanced settings

Nope, allow sip guests and allow anonymous inbound sip calls are set for no.

So just wanted to bump this… Still happening. Nothing in the logs at all. Could it possibly be my grandstream? Is there some other log to look at?