Markus
2016-Oct-28 15:38 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
Hi list,

I'm using Asterisk2Billing (v2.0.16) and it appears to have an annoying bug. When there are rates for e.g. 44 (UK landline) and 44870 (UK premium) and a fraudster manages to somehow dial 44-870 instead of 44870 the rate for 44 will match, not the one for 44870.

So, I would like to block all calls on a dialplan level that contain a dash. -44, 4-4, 44-, 44---, -, ---, just everything with a friggin' dash.

My noob-ish try:

    exten => _-.,1,NoOp(Blocking dash)
    exten => _-.,n,Hangup

Doesn't work.

On https://wiki.asterisk.org/wiki/display/AST/Pattern+Matching I found:

"The dash (-) character is ignored in extensions and patterns except when it is used in a pattern to specify a range in a character set. It has no effect in matching or sorting extensions."

How do I do it right?

Thank you!
Markus
John Covici
2016-Oct-28 15:55 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
How about a \ before the - ?

--
Your life is like a penny. You're going to lose it. The question is: How do you spend it?

John Covici
covici at ccs.covici.com
Max Grobecker
2016-Oct-28 15:58 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
Hi,

On 28.10.2016 at 17:38, Markus wrote:
> exten => _-.,1,NoOp(Blocking dash)
> exten => _-.,n,Hangup
>
> How do I do it right?

Why not use FILTER() in your dialplan to eliminate all chars that are not numeric?
Like

    Set(VAR=${FILTER(0-9+,${EXTEN})})

That would eliminate all characters you're not expecting.

Greetings
Max
John Covici
2016-Oct-28 16:00 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
Also, make sure you are using fail2ban and that you have good passwords on your extensions.

John Covici
Markus
2016-Oct-28 17:20 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
On 28.10.2016 at 17:58, Max Grobecker wrote:
> Why not use FILTER() in your dialplan to eliminate all chars that are not numeric?
> Like
>
> Set(VAR=${FILTER(0-9+,${EXTEN})})
>
> That would eliminate all characters you're not expecting.

That's great! Didn't know FILTER. Thanks!
Steve Howes
2016-Nov-01 13:54 UTC
[asterisk-users] Just got defrauded - how do I block calls which contain a dash (RegEx noob question)
On 28/10/16 16:38, Markus wrote:
> I'm using Asterisk2Billing (v2.0.16) and it appears to have an
> annoying bug. When there are rates for e.g. 44 (UK landline) and 44870
> (UK premium) and a fraudster manages to somehow dial 44-870 instead of
> 44870 the rate for 44 will match, not the one for 44870.

44 is *not* UK landline, you shouldn't even have a rate for it. 44 is the country code. A (very) brief summary is:

    441      Landline
    442      Landline
    443      Landline (at least for billing)
    447      Mobile
    4470     Personal rate (rarely used, expensive)
    44800/8  Freephone
    4484/5   Special Services Lower Rate
    4487     Special Services Higher Rate
    449      Premium rate

Having a correct rates table / normalising and validating your inputs (as in FILTER) would both have potentially stopped the attack.

Steve
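
Added example, not part of any post in this thread and not Asterisk2Billing's code: a simplified Python model of longest-prefix rate lookup, showing why the raw string 44-870... is rated under 44 and how rejecting or filtering non-digits before rating closes the gap. The two prefixes come from the first post; the prices, function names and sample numbers are constructed for illustration.

```python
import re

# Constructed rate table: prefixes from the thread, prices are placeholders.
RATES = {"44": 0.01, "44870": 0.50}

def longest_prefix_rate(number, rates=RATES):
    """Return (prefix, rate) for the longest table prefix that starts `number`."""
    for length in range(len(number), 0, -1):
        prefix = number[:length]
        if prefix in rates:
            return prefix, rates[prefix]
    return None, None

def filter_chars(number, allowed="0123456789"):
    """Same idea as the dialplan FILTER(): drop every character not in `allowed`."""
    return "".join(ch for ch in number if ch in allowed)

def is_clean(number):
    """Strict validation: digits only, with an optional single leading '+'."""
    return re.fullmatch(r"\+?[0-9]+", number) is not None

def rate_call(dialed, reject_dirty=True):
    """Rate a call only on a validated or normalised number.

    reject_dirty=True  -> return None for anything not purely numeric
                          (the caller should hang up)
    reject_dirty=False -> strip unexpected characters first, then rate
                          the string that will actually be dialled
    """
    if not is_clean(dialed):
        if reject_dirty:
            return None
        dialed = filter_chars(dialed)
    return longest_prefix_rate(dialed.lstrip("+"))

if __name__ == "__main__":
    # Constructed sample input.
    for dialed in ["44870123456", "44-870123456", "4-4870123456", "---"]:
        print(f"{dialed!r:16} raw={longest_prefix_rate(dialed)} "
              f"reject={rate_call(dialed)} "
              f"normalise={rate_call(dialed, reject_dirty=False)}")
```

The raw lookup for `44-870123456` stops at the dash and returns the `44` entry, while both hardened paths either refuse the call or rate it under `44870`.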