Chris Earle
2008-Jul-16 18:05 UTC
[asterisk-users] how to stop web Click to Call fraud, robots, etc
Hi all, I'm writing some code to do a web 'click to dial' sort of thing. Where the surfer puts in their number and some php/asterisk API code Originates a call out to them and connects them to an internal extension. But this raises a number of security/nuissance issues: I'm well aware that the numbers entered should be validated for local dialing etc.... But... *What if a robot hits the page, fills out the form with a legit number, and effectively causes a prank call out to some poor soul? *invalid area codes? how to deal with? Check against a list of valid ones? That's all I can think of right now. Can all these issues be dealt with by: 1 -- a sort of easy route, add a CAPTCHA to the web form 2 -- compare against lists, or somehow do asterisk dialplan logic to stop ....well....how could you stop legit numbers?.... :-S Ideas, suggestions appreciated!! -- -- Chris Earle
Mik Cheez
2008-Jul-16 18:47 UTC
[asterisk-users] how to stop web Click to Call fraud, robots, etc
Require that the user is logged in, and that the form has random text-image verification. Just my 2?. Chris Earle wrote:> Hi all, > > I'm writing some code to do a web 'click to dial' sort of thing. Where the > surfer puts in their number and some php/asterisk API code Originates a call > out to them and connects them to an internal extension. > > > But this raises a number of security/nuissance issues: > I'm well aware that the numbers entered should be validated for local > dialing etc.... > But... > > *What if a robot hits the page, fills out the form with a legit number, and > effectively causes a prank call out to some poor soul? > *invalid area codes? how to deal with? Check against a list of valid ones? > > That's all I can think of right now. Can all these issues be dealt with by: > 1 -- a sort of easy route, add a CAPTCHA to the web form > 2 -- compare against lists, or somehow do asterisk dialplan logic to stop > ....well....how could you stop legit numbers?.... :-S > > Ideas, suggestions appreciated!! > >