[Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1

Kirill Solomko ksolomko at sipwise.com
Fri Apr 22 08:55:29 EDT 2016


Hi Matthias,

Thank you for your report.
I have pinned down the issue and going to release a hotfix nearest time.

(expected packages to upgrade: ngcp-billing-tools, ngcp-panel)

Kind regards,
Kirill

> On 22 Apr 2016, at 13:00, Matthias Hohl <matthias.hohl at telematica.at> wrote:
> 
> Hello,
> 
> i use a wildcard zertificate for https.
> Just for kamailio tls i use the selfsigned cause we doesn't use tls
> currently.
> 
> I changed the setting and can execute the script now but I get now this
> error:
> 
> 
> root at spce:~# /usr/sbin/ngcp-fraud-daily-lock
> no sender
> 
> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117
> Email::Sender::Simple::send_email('Email::Sender::Simple',
> 'Email::Abstract=ARRAY(0x300b810)', 'HASH(0x3aae940)') called at
> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45
> Email::Sender::Role::CommonSending::try {...}  at
> /usr/share/perl5/Try/Tiny.pm line 79
> eval {...} at /usr/share/perl5/Try/Tiny.pm line 72
> Try::Tiny::try('CODE(0x3aae928)', 'Try::Tiny::Catch=REF(0x2df6768)') called
> at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 58
> Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
> 'Email::Simple=HASH(0x3aaea30)', 'HASH(0x300ba20)') called at
> /usr/sbin/ngcp-fraud-daily-lock line 124
> main::send_email('HASH(0x2da1988)', 'ARRAY(0x36a98e0)') called at
> /usr/sbin/ngcp-fraud-daily-lock line 171
> main::main at /usr/sbin/ngcp-fraud-daily-lock line 176
> 
> 
> root at spce:~# /usr/sbin/ngcp-fraud-auto-lock
> no sender
> 
> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117
> Email::Sender::Simple::send_email('Email::Sender::Simple',
> 'Email::Abstract=ARRAY(0x30888f0)', 'HASH(0x3b2bcc0)') called at
> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45
> Email::Sender::Role::CommonSending::try {...}  at
> /usr/share/perl5/Try/Tiny.pm line 79
> eval {...} at /usr/share/perl5/Try/Tiny.pm line 72
> Try::Tiny::try('CODE(0x3b2bca8)', 'Try::Tiny::Catch=REF(0x2e73898)') called
> at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 58
> Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
> 'Email::Simple=HASH(0x3b2bdb0)', 'HASH(0x3088b60)') called at
> /usr/sbin/ngcp-fraud-auto-lock line 124
> main::send_email('HASH(0x3730438)', 'ARRAY(0x3739d30)') called at
> /usr/sbin/ngcp-fraud-auto-lock line 171
> main::main at /usr/sbin/ngcp-fraud-auto-lock line 176
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von
> Victor Seva
> Gesendet: Freitag, 22. April 2016 12:48
> An: spce-user at lists.sipwise.com
> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
> 
> On 04/22/2016 11:39 AM, Matthias Hohl wrote:
>> Hello,
>> 
>> today i found out that the ngcp-fraud-daily-lock and 
>> ngcp-fraud-auto-lock doesn't work on a subscriber with too much traffic in
> version 4.3.1.
>> In version 4.2.1 it definitely works. 
>> To solve this problem i checked the cronjob log and saw, that the 
>> cronjobs was executed.
>> Then I tried to execute the commands directly and got this error:
>> 
>> 
>> root at spce:/var/log# /usr/sbin/ngcp-fraud-daily-lock
>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't 
>> connect to 127.0.0.1:1442 (certificate verify failed) SSL connect 
>> attempt failed error:14090086:SSL 
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at 
>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>> 
>> 
>> root at spce:/var/log# /usr/sbin/ngcp-fraud-auto-lock
>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed) Can't 
>> connect to 127.0.0.1:1442 (certificate verify failed) SSL connect 
>> attempt failed error:14090086:SSL 
>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at 
>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>> 
>> 
>> 
>> Any idea to solve this problem?
>> In changelog you wrote, that you updated the ngcp-fraud scripts for 
>> 4.3.1, so maybe there is something wrong?
> 
> This should be a problem with the certificate you are using. Are you using a
> self-sign certificate?
> 
> There is a new config for disable the check for scripts:
> 
> security:
>  ngcp_panel:
>    scripts:
>      restapi:
>        sslverify: no
> 
> 
> On production I would say you should not use self-sign certificates.
> Maybe letsencrypt?
> 
> --
> Victor Seva
> Software Engineer
> 
> Phone: +43(0)1 301 2029
> Email: vseva at sipwise.com
> Website: www.sipwise.com
> 
> Particulars according Austrian Companies Code paragraph 14 "Sipwise GmbH“ -
> Europaring F15 – 2345 Brunn am Gebirge FN:305595f, Commercial Court Vienna,
> ATU64002206
> 
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user




More information about the Spce-user mailing list