[Spce-user] Fraud prevention

Gavin Sweet gavin.sweet at skyracktelecom.com
Mon Apr 28 10:14:24 EDT 2014


Hi Andreas - 

It seems to me that there are two very obvious items that we (everyone)
should configure to reduce potential fraud impact (assuming we do not wish
to prevent dialling to specific destinations, and that you are not paying
for inbound):

1. reduce concurrent_max_out per subscriber to the minimum to avoid the
problem of many simultaneous fraud calls if one of your subscriber accounts
is compromised (depending on your particular setup, maybe this can be only 1
or 2)
2. turn daily fraud lock on for all contracts/customers and for subscribers
at some "acceptable" limit, maybe as low as $10 or less for a subscriber
depending on the users call profile

Lets say that this is reasonable and we wanted to make a kind of batch
update to all the subscribers in the system ... can these be safely updated
direct to the DB rather than having to build something more sophisticated?

For concurrent_max_out, is it as simple as this?
a) updating provisioning.voip_usr_preferences with a row for each subscriber
with attribute_id=42 and value=5
and
b) updating kamailio.usr_preferences with a row for each uuid/subscriber
with attribute=concurrent_max_out type=1 value=5
By the way, it looks like there is a bug in the function populating this
kamailio.usr_preferences table as all the last_modified dates are 1900-01-01

Thanks
Gavin


> -----Original Message-----
> From: spce-user-bounces at lists.sipwise.com [mailto:spce-user-
> bounces at lists.sipwise.com] On Behalf Of Andreas Granig
> Sent: 28 April 2014 14:07
> To: spce-user at lists.sipwise.com
> Subject: Re: [Spce-user] Fraud prevention
> 
> Hello,
> 
> The fraud check for the daily limit is done every 30min by default, you
> can tweak it to your liking in /etc/ngcp-
> config/templates/etc/cron.d/ngcp-fraud-daily-lock.tt2.
> 
> Just be aware that it consumes quite some resources if you have lots of
> CDRs.
> 
> The other option is to use prepaid (build your own or use the PRO) even
> though you actually bill your customers post-paid, and at night (or at
> whatever interval you choose to set your limit to) top up the
> customers'
> contract balance to their daily/hourly/whatever limit. That way all
> calls are cut off in real-time as soon as the limit is reached.
> 
> Andreas
> 
> On 04/26/2014 03:01 AM, Michael Molina wrote:
> > I do have a question about this feature. Let's say you set the fraud
> > lock for a subscriber for 10 dollars per day. A hacker breaks into
> the
> > system some how (extremely possible) then uses this credentials to
> > make international calls, to a very expensive country for instance,
> at
> > a rate of 2.50 to 3 dollars a minute, he will in a very short time
> > exceed the set amount of 10 dollars a day. He begins calling at 2
> > o'clock in the morning, by the time the script checks the accounts
> > setup with fraud prevention it would be close to 22 hours later (mid
> > night or so) accordantly to the manual. Then at this time the script
> > will block the account and the calling will stop. However we have
> 1320
> > minutes of billing at 3 dollars a minute. That is 3960 dollars of
> > fraudulent billing. Any way we can run the script more often?. Even
> if
> > you can get the emails soon enough by the time you get to the server
> > and disable the account or the trunks involved it is simply too late,
> > you have an extensive bill to pay
>  .
>  What if we could run a script that will know the minute an account has
> gone over the limit and disable outbound for instance?. I was just
> wondering. have a good weekend everyone.
> > Michael Molina
> > Ladera Communications.
> >
> >
> >
> >
> > _______________________________________________
> > Spce-user mailing list
> > Spce-user at lists.sipwise.com
> > http://lists.sipwise.com/listinfo/spce-user
> >
> 
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/listinfo/spce-user
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2014.0.4570 / Virus Database: 3920/7400 - Release Date:
> 04/26/14





More information about the Spce-user mailing list