hurrymonkey
New Member
- Joined
- Nov 20, 2008
- Messages
- 27
- Reaction score
- 0
HowTo: Call Forwarding Security
A customer of mine alerted me to a huge security hole with freepbx Call Forwarding. I couldnt find this mentioned anywhere in this forum.
When enabled, any user can forward ANY extension to wherever they want without any restrictions.
After doing a little research, i found a temporary fix to the problem. After applying the changes below, the voicemail password for the extension must be entered before anyone can forward it. Credit goes to dickson (http://fonality.com/trixbox/forums/trixbox-forums/help/activate-call-fowarding-outside) and
kimkhan (http://fonality.com/trixbox/forums/trixbox-forums/help/call-forward-restrictions)
1. Drop the code below into your extension_custom.conf file
A customer of mine alerted me to a huge security hole with freepbx Call Forwarding. I couldnt find this mentioned anywhere in this forum.
When enabled, any user can forward ANY extension to wherever they want without any restrictions.
After doing a little research, i found a temporary fix to the problem. After applying the changes below, the voicemail password for the extension must be entered before anyone can forward it. Credit goes to dickson (http://fonality.com/trixbox/forums/trixbox-forums/help/activate-call-fowarding-outside) and
kimkhan (http://fonality.com/trixbox/forums/trixbox-forums/help/call-forward-restrictions)
1. Drop the code below into your extension_custom.conf file
Code:
exten => s,1,Answer
exten => s,n,Wait(1)
exten => s,n,Playback(call-fwd-unconditional)
exten => s,n,Playback(please-enter-your&extension)
exten => s,n,Read(fromext,then-press-pound,,,,)
exten => s,n,Wait(1)
exten => s,n,VMAuthenticate(${fromext})
exten => s,n(startread),Playback(ent-target-attendant)
exten => s,n,Read(toext,then-press-pound,,,,)
exten => s,n,GotoIf($["foo${toext}"="foo"]?startread)
exten => s,n,Wait(1)
exten => s,n,Set(DB(CF/${fromext})=${toext})
exten => s,n,Playback(call-fwd-unconditional&for&extension)
exten => s,n,SayDigits(${fromext})
exten => s,n,Playback(is-set-to)
exten => s,n,SayDigits(${toext})
exten => s,n,Macro(hangupcall,)
[custom-cf-off]
exten => s,1,Answer
exten => s,n,Wait(1)
exten => s,n,Playback(call-fwd-unconditional)
exten => s,n,Playback(please-enter-your&extension)
exten => s,n,Read(fromext,then-press-pound,,,,)
exten => s,n,Wait(1)
exten => s,n,VMAuthenticate(${fromext})
exten => s,n,dbDel(CF/${fromext})
exten => s,n,Playback(call-fwd-unconditional&de-activated&for&extension)
exten => s,n,SayDigits(${fromext})
exten => s,n,Macro(hangupcall,)
2. Go to the Tools from Freepbx and click on Custom Destinations. In the Custom Destinations field enter the following: custom-cf-on,s,1
For description name as you please, I named it CallfwON
Now Submit. Once again create another Custom Destination. In the Custom Destinations field enter the following: custom-cf-off,s,1
For description name as you please, I named it CallfwOFF
Now Submit.
3. To prevent other disgruntled employees to screw up some one or your peers playing prank with you by forwarding all your calls to a pizza shop next door, you can implement the same security internally.
a. From freepbx Go to the feature codes and disable "call forward all activate" which is *72 and "call forward all deactivate" which is *73 (i deactivated all call forwarding feaetures)
b. Go to Misc. Applications and enter *72 in the feature Code field. For descritption I named it 'CallfwON-Internal'
c. for Destination select the Custom Applications radio button and choose CallfwON from the drop down menu.
d. Submit
e. Go back to Misc. Applications and enter *73 in the feature Code field. For descritption I named it 'CallfwOFF-Internal'
f. for Destination select the Custom Applications radio button and choose CallfwOFF from the drop down menu.
g. Submit
h. apply and reload settings
Thats it. Now dial *72 or *73 from your work phone and it will ask the ext. # followed by asking for the password.