sirdotcom
Member
- Joined
- Mar 20, 2010
- Messages
- 150
- Reaction score
- 25
Yesterday, while I happened to be out for a few minutes, about 25 calls were made to African countries. Most of them were no answers or busy, but I still got charged. I've seen this scam before few years ago, but I thought it was fixed. My main boo-boo was that I had the firewall down at the time ... however, the CLIDs are all Google voice numbers! 2 different ones. The logs don't say anything them dialing trunk access codes, it just show my GV numbers as the source and the destination as the rather expensive number. I only lost about $8, but I don't think this was a firewall thing .. it seems they expolited GV somehow.
They used voip.ms and a "011" dialling prefix (which from internal you need more than that,) and also another provider that doesn't accept an int'l prefix, and those calls failed. Here is a snippet from the log:
There's a lot more FreePBX stuff but what gets me is the Dialing xxx@thanku-outcall ... how the hell did they do that? Just another reminder to lock things down I suppose.
They used voip.ms and a "011" dialling prefix (which from internal you need more than that,) and also another provider that doesn't accept an int'l prefix, and those calls failed. Here is a snippet from the log:
Code:
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:13] Set("Local/005311034197@tha
nku-outcall-0000001f;2", "OUTNUM=005311034197") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:14] Set("Local/005311034197@tha
nku-outcall-0000001f;2", "custom=SIP/voipms_44") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:15] ExecIf("Local/005311034197@
thanku-outcall-0000001f;2", "0?Set(DIAL_TRUNK_OPTIONS=M(setmusic^default))") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:16] ExecIf("Local/005311034197@
thanku-outcall-0000001f;2", "0?Set(DIAL_TRUNK_OPTIONS=M(confirm))") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:17] Macro("Local/005311034197@t
hanku-outcall-0000001f;2", "dialout-trunk-predial-hook,") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk-predial-hook:1] MacroExit("Loca
l/005311034197@thanku-outcall-0000001f;2", "") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:18] GotoIf("Local/005311034197@
thanku-outcall-0000001f;2", "0?bypass,1") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:19] ExecIf("Local/005311034197@
thanku-outcall-0000001f;2", "0?Set(CONNECTEDLINE(num,i)=005311034197)") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:20] ExecIf("Local/005311034197@
thanku-outcall-0000001f;2", "0?Set(CONNECTEDLINE(name,i)=CID:)") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:21] GotoIf("Local/005311034197@thanku-outcall-0000001f;2", "0?customtrunk") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] pbx.c: Executing [s@macro-dialout-trunk:22] Dial("Local/005311034197@thanku-outcall-0000001f;2", "SIP/voipms_44/005311034197,300,") in new stack
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] netsock2.c: Using SIP RTP TOS bits 184
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] netsock2.c: Using SIP RTP CoS mark 5
[2016-08-27 07:11:15] VERBOSE[24680][C-0000001f] app_dial.c: Called SIP/voipms_44/005311034197
[2016-08-27 07:11:15] VERBOSE[24646][C-0000001e] app_dial.c: No one is available to answer at this time (1:0/0/0)
[2016-08-27 07:11:15] VERBOSE[24646][C-0000001e] pbx.c: Executing [s@macro-dialout-trunk:31] NoOp("Local/0023155566195@thanku-outcall-0000001e;2", "Dial failed for some reason with DIALSTATUS = NOANSWER and HANGUPCAUSE = 16") in new stack
[2016-08-27 07:11:15] VERBOSE[24646][C-0000001e] pbx.c: Executing [s@macro-dialout-trunk:32] GotoIf("Local/0023155566195@thanku-outcall-0000001e;2", "1?continue,1:s-NOANSWER,1") in new stack
There's a lot more FreePBX stuff but what gets me is the Dialing xxx@thanku-outcall ... how the hell did they do that? Just another reminder to lock things down I suppose.