Running FreePBX 15, Distro from Sangoma. All Modules updated and system is currnet.
Allow SIP Guest is off, anonymous is off, CID filter is active. Firewall is only. Random 16digit secret password for extensions and admin access. Have checked for extensions to have wrong IP address of more then 1 IP address. All seems good. No odd SIP accounts or Extensions with odd IP address.
Issue is we periodically get inbound SPAM calls to one of our numbers. These call hit an IVR and they are pressing 1. Once the call is connected they are accessing another SIP Trunk and placing out bound calls. These calls generate about 30-50 calls a second. I do add the CID to the black list, have built a dummy route for the their outbound dialed number to drop. Looking to stop these calls from occurring. Any help would be appreciated.
Read the explanations (the "?"s) and make an informed decision. For many things, especially this, you will want to understand what you are enabling/disabling.
comtech,
I posted again after your suggestion to look over the ? mark, with the edited dial plan. Had asked if this looks correct to you. Did I edit the wrong one for the Asterisk Dial Plan settings
I reloaded Asterisk after making this change. I am still able to call in to the system and press ## to make a transfer. I also have the Feature Code turned off.
Just an “r” for the Trunk Dial Options and still able to call in and press ## to transfer.
Feature Code is off. Changed Feature code and ## still works. Reviewed the .conf file and it shows xblind= “blank”
xtransfr=“blank”
Still can ## to transfer.
I believe that the change only affects the default for new extensions and trunks. Check the dial options for the trunk and extension involved in your ## call.
Stewart,
I have rebooted the PBX and Asterisk after each change I have made prior to testing. This is an inbound call to an IVR, press 1 to reach a destination. Soon as I press 1, I can hit ## and transfer the call. This again, is an inbound call I am making to one of the PBX we manage. We have 19 of them. This is an ongoing issue and exploit that Call Pumping bots are using on our system.
I have located the issue to them using *2 and ## to make a transfer to a number, then pump calls out.
Disabling this the fix.
They change inbound caller ID to fast to keep up with the Block list for CID
Also, with all of this disabled and turned off, I see the /etc/asterisk > features_featuremap_addistional.conf indicates the code is gone. But yet we can still do it.
This seems to be hard coded else where. I have changed the Feature code to something entirely different and the ## still works. Even looking the conf file for this, it indicates the new command for the transfer, but still allowed to do ## soon as the inbound call reaches the IVR.
File is empty, and the IVR does not allow Direct Dial.
Also added ## and *2 to the dial options in the IVR to terminate the calls to see if that would do it, but it does not. Still can transfer…