Running FreePBX 15, Distro from Sangoma. All Modules updated and system is currnet.
Allow SIP Guest is off, anonymous is off, CID filter is active. Firewall is only. Random 16digit secret password for extensions and admin access. Have checked for extensions to have wrong IP address of more then 1 IP address. All seems good. No odd SIP accounts or Extensions with odd IP address.

Issue is we periodically get inbound SPAM calls to one of our numbers. These call hit an IVR and they are pressing 1. Once the call is connected they are accessing another SIP Trunk and placing out bound calls. These calls generate about 30-50 calls a second. I do add the CID to the black list, have built a dummy route for the their outbound dialed number to drop. Looking to stop these calls from occurring. Any help would be appreciated.

Asterisk Dial Options field in Settings>Advanced needs a “T” to enable calling transfer.

Asterisk Dial Options - tr should stop external callers from being able to dial out. Change and test.

Which one are you referring too?

Read the explanations (the "?"s) and make an informed decision. For many things, especially this, you will want to understand what you are enabling/disabling.

https://www.emetrotel.com/tsd/content/asterisk-dial-options

I am still able to call in and hear the IVR message and press options and reach the end user. Does this look correct for what you advised?

We have now tried to dissable the *2 and ## for transfer and it still works. How can we turn this off?

I told you in the earlier post. It doesn’t look like you’ve done that according to the pictures you have provided.

comtech,
I posted again after your suggestion to look over the ? mark, with the edited dial plan. Had asked if this looks correct to you. Did I edit the wrong one for the Asterisk Dial Plan settings

I advised Asterisk Dial Options, which it looks like you did not edit?

I reloaded Asterisk after making this change. I am still able to call in to the system and press ## to make a transfer. I also have the Feature Code turned off.

What does your trunk option “Asterisk Trunk Dial Options” show?

Current setup,

Just an “r” for the Trunk Dial Options and still able to call in and press ## to transfer.
Feature Code is off. Changed Feature code and ## still works. Reviewed the .conf file and it shows xblind= “blank”
xtransfr=“blank”
Still can ## to transfer.

Go to Connectivity>Trunks and see if the Trunks you are using for these calls use the default or are set to override.

Trunk > Asterisk Trunk Dial Options > System

I believe that the change only affects the default for new extensions and trunks. Check the dial options for the trunk and extension involved in your ## call.

Stewart,
I have rebooted the PBX and Asterisk after each change I have made prior to testing. This is an inbound call to an IVR, press 1 to reach a destination. Soon as I press 1, I can hit ## and transfer the call. This again, is an inbound call I am making to one of the PBX we manage. We have 19 of them. This is an ongoing issue and exploit that Call Pumping bots are using on our system.
I have located the issue to them using *2 and ## to make a transfer to a number, then pump calls out.
Disabling this the fix.
They change inbound caller ID to fast to keep up with the Block list for CID

Also, with all of this disabled and turned off, I see the /etc/asterisk > features_featuremap_addistional.conf indicates the code is gone. But yet we can still do it.

This seems to be hard coded else where. I have changed the Feature code to something entirely different and the ## still works. Even looking the conf file for this, it indicates the new command for the transfer, but still allowed to do ## soon as the inbound call reaches the IVR.

Do you have anything in the *_override files?

In the IVR that you have setup, Is Enable Direct Dial enabled?

File is empty, and the IVR does not allow Direct Dial.
Also added ## and *2 to the dial options in the IVR to terminate the calls to see if that would do it, but it does not. Still can transfer…