SOLVED Flaw with anonymous incoming calls.

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
Anonymous calls are getting through my two ways of blocking them for some reason and I'm trying to figure out why.

I'm blocking Unknown/Blocked CallerID with the Blacklist:
zaZmvtX.png


But this method doesn't work for the IPKALL.com number the person is calling, presumably because of the way it dials your SIP URI directly. I have that number set up as a trunk and set the inbound routes up. The Inbound DID has its destination set to extension 201 which is my cell phone. It works great for calls. If I want to block a number, I need to set up a new inbound route with that priority and its destination as an announcement that appears that the number is disconnected. It works as long as the incoming caller id matches the number I manually enter as shown here:
WzpBxdH.png


The guy who has been hell bent on harassing me got around my "Anonymous" block which is set up like this:
GkbCPcD.png


I confirmed this by having my girlfriend dial *67 and then my IPKALL number and sure enough it goes to the not in service announcement.
ujZ2WRi.png


He gets around it by having a stranger CallerID name that I can't seem to add to inbound routes to block it:
IA5wUCs.png


If you look closely, the CallerID says "Anonymous " There is a space before the last quotation. If I try adding Anonymous with a space, or "Anonymous " exactly, both say I already have an entry with anonymous in it and I cannot redirect these calls to the trash which is where I want them.

I would like to get the police involved because this guy is using all sorts of numbers to harass me, but I'd also like to know what else I can do without taking extreme measures to prevent this guy from getting through. I did some searching and couldn't find the answer. I saw something with using pipes such as <PhoneNumber>|<PhoneNumber2> in the CallerID field but I'm unsure if that will work. Any suggestions short of changing or cancelling my IPKALL number? I'd like to not let this guy win.
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
(Sorry about the size of the images guys. I have text hidden between those monstrosities)
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
Please post the logs from /var/log/asterisk/full that match with the nuisance call. Maybe they will reveal something that the CDR report does not.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
Also I notice in one of the screen shots it shows the DID as "201" which is probably not what you want. If that's what IPKall is sending as the DID, unless you're matching that on your Inbound Route, then the incoming call is not using that route. You said that your "IPKALL-Anonymous" Inbound Route has the IPKall number as the DID.

I assume the URI you set up with IPKall is sip:201@somewhere since the DID is appearing that way. To make the Inbound Route work you should either match DID = 201 or fix your SIP URI with IPKall so that it's SIP:1nxxnxxxxxx@somewhere where the 1nxxnxxxxxx is your actual IPKall number.
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
I logged into IPKALL and changed the SIP UI from 201@IPADDRESS to phonenumber@ipaddress. Even though I set up IPKALL-Anonymous inbound route to the actual DID and not 201, calls that came in went through that route as I showed when I dialed from my girlfriend's phone with *67.

The SIP URI change is better overall and you're right, but I'm not sure it's going to fix this problem. The full log only shows the last 15~ hours or so it seems, so I no longer have the log info when that person called. If he calls again I'll remember to check the log right away and paste it here.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
Sounds good; let us know what you find. By the way, even though the full log only has the day's worth due to log rotation, you can still find previous days' logs in /var/log/asterisk/full* -- I don't remember whether the rotator is changing the name to full-DATE or full.1, full.2, etc. but there should be some history there.
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
Thanks for replying. You're right--I guess I didn't know it saved logs for the past few days in that folder. Odd, though, full-20140721 has calls from 20140720 etc, so they're all a day off. Maybe it's supposed to be that way.

Anyway, I found the two separate calls in the log file. The first is the Anonymous one from 2014-07-20 21:39:58 which should have been blocked but wasn't. The second is from my girlfriend's phone using *67 dated 2014-07-21 07:51:52. Both show up in the call log screenshots above. Maybe this will show you why the first Anonymous isn't blocked but the second one is. I'm not an expert at deciphering these logs, so I appreciate this very much.

I tried to paste the log here but it's more than 10k characters. I put it on pastebin but the format is unreadable and wonky. So I put the file here instead. Top half is the "Anonymous " that got through the block and the bottom, smaller log is the one is from my girlfriend's phone calling my same IPKALL number with *67. Both calls in this log are in the screenshot above with matching dates/times.

http://www.users.qwest.net/~amerrill/anonymousfreepbx.txt

I noticed in CDR in FreePBX if I type in "Anonymous" there are 3 variations of the word that show up in my call log:

1. "anonymous "<anonymous>
2. "Anonymous "<Anonymous>
3. Anonymous

Keep in mind I did not change settings for anything in FreePBX between the two calls in the log, so I can assure you those calls will still get through right now with the quotations around them.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
The dialplan definitely changed between the two calls. Are you 100% sure you didn't update anything at all?

Earlier call, the 201@from-trunk step 1 & 2:
Code:
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Goto (from-trunk,201,1)
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Executing [201@from-trunk:1] Set("SIP/IPKALL-00000010", "__RINGTIMER=15") in new stack
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Executing [201@from-trunk:2] Macro("SIP/IPKALL-00000010", "exten-vm,novm,201,0,0,0") in new stack

Later call (blocked), 201@from-trunk step 1 & 2 are different:
Code:
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Goto (from-trunk,201,1)
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Executing [201@from-trunk:1] Set("SIP/IPKALL-00000012", "__FROM_DID=201") in new stack
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Executing [201@from-trunk:2] Gosub("SIP/IPKALL-00000012", "app-blacklist-check,s,1()") in new stack

The first call is routed directly to the extension and the second one runs through the blacklist check and to the recording instead. As you see though these happen very early in the steps (step 2) so in the first case, the anonymous call was never examined for its caller ID.
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
The dialplan definitely changed between the two calls. Are you 100% sure you didn't update anything at all?

Earlier call, the 201@from-trunk step 1 & 2:
Code:
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Goto (from-trunk,201,1)
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Executing [201@from-trunk:1] Set("SIP/IPKALL-00000010", "__RINGTIMER=15") in new stack
[2014-07-20 21:39:58] VERBOSE[29206][C-00000008] pbx.c:    -- Executing [201@from-trunk:2] Macro("SIP/IPKALL-00000010", "exten-vm,novm,201,0,0,0") in new stack

Later call (blocked), 201@from-trunk step 1 & 2 are different:
Code:
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Goto (from-trunk,201,1)
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Executing [201@from-trunk:1] Set("SIP/IPKALL-00000012", "__FROM_DID=201") in new stack
[2014-07-21 07:51:52] VERBOSE[4342][C-00000009] pbx.c:    -- Executing [201@from-trunk:2] Gosub("SIP/IPKALL-00000012", "app-blacklist-check,s,1()") in new stack

The first call is routed directly to the extension and the second one runs through the blacklist check and to the recording instead. As you see though these happen very early in the steps (step 2) so in the first case, the anonymous call was never examined for its caller ID.

Yes. I am sure. The reason why I know is because when I saw the calls come in, I was flabbergasted as to how they bypassed the Anonymous inbound route block. I am willing to record desktop video at 2560x1600 @ 30fps using GeForce ShadowPlay (h.264 capturing) to make sure it's crisp and clear all of my settings, call logs, and any information I could give you to figure this out.

I just searched anonymous in the CDR and this is all that came up:

dCSsu3C.png


What I would like to know how to do is call my IPKALL number using the CallerID in the screenshot "Anonymous "<Anonymous> rather than just Anonymous without the quotations which is what happens when I call my IPKALL number from my girlfriend's cell phone which is not connected to this PBX. If you know what service or a way to call my IPKALL number that way, I'll give you the number right now. I tried using the Gmail dial pad with *67 to see what happens and Google Voice does not allow you to block your outgoing call. I am certain I did not change anything else. If you'd like, I could make a 1600p video and show you all of my inbound routes. Anything I can do to figure out why it was bypassed.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
How is your IPKall trunk set up & do you have any custom dialplan for this in the extensions_custom.conf?
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
How is your IPKall trunk set up & do you have any custom dialplan for this in the extensions_custom.conf?

I never edit the config files manually - I only use the GUI. I checked extensions_custom.conf and see nothing in there familiar. It all seems either default or auto generated from Google Motif or something. I could paste it but I really don't see anything in here about ipkall or extension 201 at all in here.

Do you want to try calling me anonymous and see "which version" of "Anonymous" you get? I know that sounds stupid, but you saw the call log. There are seemingly multiple ways to display Anonymous as CallerID and if it doesn't match your route leading directly to the trash, it'll ring the phone. I'll try to find the guy who was doing it and get him to do it again.

If you look at my Anonymous call log when sorted by date, you can clearly see that I had confirmed the inbound additions I did successfully sent the *67 call I did from my girlfriend's phone to Music On Hold on 2014-07-18. When I confirmed that, I changed destination Music On Hold to the superior "This number has been disconnected" announcement. Then when the Anonymous calls after that date BYPASSED my anonymous block, you see me again on 2014-07-21 confirm that *67 incoming calls went to the announcement. This screenshot and paragraph alone should be enough to tell you that everything I've said has been accurate.

gYRpFCY.png
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
Based on what lgaetz and I were suggesting earlier I think the formatting of the word "anonymous" is not the issue here. It's that some calls are taking the Inbound Route you have configured, and thus getting blocked, and some are coming in a different one. Is there any other Inbound Route that could match these calls? A catch-all with empty DID?
 

24bit96khz

New Member
Joined
Feb 8, 2014
Messages
14
Reaction score
2
Edit: Okay I think I figured it out.

As a test, I changed the CallerID Number field in inbound routes for the IPKALL block from Anonymous to Anonymous!!!! and then *67 from my girlfriend's phone again. It rang and showed up in the CDR with its weird format as when the guy called me: "Anonymous "<Anonymous>

Changed it back to just straight Anonymous, called again and it went to the announcement as supposed to. That's very odd.

Thanks for helping. While on the subject, could you direct me somewhere that shows easy ways to block entire area codes and things? I'm probably going to need to know that stuff at this rate.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
You can use wildcard expressions on the Inbound Routes. If you want to block all of area code 212, you'd set the caller ID on an inbound route to _212NXXXXXX and set the destination to an intercept or whatever.
 

Members online

Forum statistics

Threads
25,782
Messages
167,512
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top