Recieving A High Volume of Robo / SPAM Calls

One of our FreePBX systems connected to a SIPstation account is receiving a high amount of Robo calls and spam calls each day. I have added over 100 entries to the black list and attempted to make changes to the IVR to discourage them from getting thru but it seams still they get more than 40 plus calls per day from a very wide variety of CIDs. If someone could please offer me some guidance in how we can combat this I would greatly appreciate it.
I did contact SIPstation support and they said there was nothing they could do.

Add an ivr that requires a button press to get through. Taht usually does most robo calls. Give them a bit and hangup if no action.

1 Like

You can modify this to just be one digit. So the path to the queue is always different.

If the calls tend to come all at once you could have a call flow control to toggle between this and a normal IVR.

Out of curiosity, are they calling a 1-800(or another toll-free #)?

It’s a local number. It is a municipal building for the locality. So whatever I do has to maintain a professional atmosphere. I have edited the IVR so they have to choose an option like 2 to get through but that doesn’t seem to slow it down a lot.

That is strange considering they had to submit a Robocall Mitigation plan per the FCC. Doesn’t sound like it is working.

Any commonality in the IP addresses? You could look at adjusting your firewall.

In the FreePBX GUI under Settings >> Asterisk SIP Settings >> General Settings Tab do you have either
Allow Anonymous Inbound SIP Calls or Allow SIP Guests turned on? That could allow spammers to bypass your incoming SIP provider and directly attack your system.

Allow Anonymous Inbound SIP Calls was set to “No” but Allow SIP Guests was set to “Yes” and I cahnged that to “No”. Our external firewall was set to only allow connections on SIP ports from our provider SIPstation and no where else, but I still changed it as you suggested.

How do I see wht IP calls are coming from to find commonalities and block them?

They are assuming the calls are coming direct, not through your provider.

You could try

It doesn’t actually work and so far the Federal Trade Commission have not answered my complaint that it doesn’t.Technically you could report land-line ‘nuisance calls’ to your local police, who could technically get the carrier involved, but unfortunately you will probably find, as I did, that NGAS :wink:

So every first time caller to some of my numbers has to now know correctly what day it is, or gets sent straight to jail, however repeat callers generally get sent to the last entity that their last call resulted in.

The calls should show up in your CDR reports. There you find the list of numbers that are calling. I’m sure you already use that to blacklist numbers. The only way to find the IP’s of originating calls without using a tool like sngrep running is to examine your /var/log/asterisk/full log for the time the call came in.

If your carrier’s IP is all that shows up when the call is answered, it will be clear they are coming in via the carrier. If it continues, I’d move my numbers to a better SIP carrier because that will indicate that your current vendor is doing a poor job of blocking nuisance calls.

Often the CID has a suite. e.g: 0123456789, 90, 91, …etc
You can enclose the CID range a create some inbound routes to forward them into a terminate call destination.
Sometimes I do like this

Just an idea like that.

The FCC has a solution for it, called Stir Shaken, and it’s mandatory, but Sipstation and Sangoma refuse to support it. They actively refuse.
[Case # 01466843] / Emerge & Company / Main / auto-reply / [ ref:_00D306mPe._5004U1BlBLF:ref ]

They have said this? Documented?

The FCC has a solution for it, called Stir Shaken, and it’s mandatory, but Sipstation and Sangoma refuse to support it. They actively refuse.
[Case # 01466843] / Emerge & Company / Main / auto-reply / [ ref:_00D306mPe._5004U1BlBLF:ref ]

Hey Philip, There’s a lot of misinformation in this post that I just want to clear up. Yes, STIR/SHAKEN is mandatory for Voice Service Providers and Sangoma’s retail products (SIPStation, UCaaS, etc):

and our Wholesale Trunking as a Service:

All have full STIR/SHAKEN implementation as required by law, so you don’t have to worry about us not having it implemented.

Secondly, while the ultimate goal of the TRACED Act, where STIR/SHAKEN implementation is mentioned, is to minimize the number of illegal robocalls; STIR/SHAKEN itself is not a direct solution for them. The goal of STIR/SHAKEN itself is for the ITG (Industry Traceback Group, headed by US Telecom) to easily be able to track down the provider that is allowing these calls on their network.

Prior to STIR/SHAKEN, when the group received complaints about illegal calls, they had to literally trace the call back through each carrier that touched the call to figure out where it came from. Now, with STIR/SHAKEN, the Voice Service Provider that is providing service to the caller is literally signing the call. This does 2 things:

  1. Allows the ITG to see exactly who is allowing the culprit on their network (so long as the header actually gets to the called party, given the fact that there is a lot of analog backbone in the US, it is fairly likely that the header won’t even get there)

  2. In conjunction with the “Know Your Customer” requirements in the TRACED Act and how seriously the FCC is taking people who allow this traffic on their network, it makes Voice Service Providers more picky and perform a higher level of vetting before bringing a customer onto their network, thus weeding out obvious bad actors.

STIR/SHAKEN, sadly, is not a panacea for the illegal robocall problem. It’s merely a means to hold people more accountable. We do have it implemented though and work regularly with the ITG on doing our part within the ecosystem. The FCC has continued to add more and more carriers to their blacklist, carriers that aren’t taking illegal robocalling seriously, so hopefully one day we’ll get to a better place with them.

1 Like

What happens when they get past your IVR? Is it a real person or a recording? The “must press something to be connected” IVR trick has always worked well for me, and NO robocallers get past it. If robcallers are getting past yours then it means that either (1) there are some new, very sophisticated IA robcallers out there now or (2) your IVR is somehow configured to connect if nothing is pressed or to let them give random guesses. Make sure that it takes at least 2-3 digits to be connected to a real extension and that bad guesses get only one more try at most.

If it is real, live people behind the spam calls, then there is not much you can do to automatically block them. However, since real, live people are way more expensive than robocallers, you can tell them that there is no chance of making a sale to you and they will often go away; their time is to expensive to waste on lost causes. You mention that you have a municipal building, so it is possible that you are being targeted by political opponents. The callers are probably domestic (although they may be obscuring their location) so you might have luck tracing them and identifying them, possibly using non-technical means like getting them to talk enough to identify themselves. Give your tenants an instruction sheet on how to deal with actual live junk callers.

Good luck.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.