First post! So yesterday I installed the latest from Debian 10 repo and the latest cp web app using a method similar to powerpbxdotorg howto. I had 5060 open in my firewall, two user phones configured with strong passwords, and a gateway with IP auth for termination. Within 10 minutes calls were being placed via unauthenticated invites I think.
I used the residential config script with a minor beginner destination number pattern match difference: https://pastebin.com/GPrMcWYK if ($rU=~"^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]+$") { #if (dp_translate(10,"$rU/$rU") ) { #strip(1); The opensips log has a lot of this in it all the time: Jan 17 15:56:04 dsip1 /usr/sbin/opensips[24971]: CRITICAL:db_mysql:wrapper_single_mysql_stmt_execute: driver error (1048): Column 'to_tag' cannot be null Jan 17 15:56:04 dsip1 /usr/sbin/opensips[24971]: ERROR:acc:acc_db_request: failed to insert into acc table The illicit calls start in the log like this: https://pastebin.com/mCNXqK7T I can post the full log but it will take some time to sanitize. Sip call ID links in CDR viewer show this: "Sorry , sip trace for this call is unavailable." There are also only 0 durations on all legs however they incurred duration and billing on termination. I'm fairly certain the calls were not placed via the user phone accounts because of strong passwords. My next steps are to disable the gateway and packet capture on the interface to investigate illicit invites. Where do I even start investigating how unauthenticated invites were placed and prevent it in the opensips config? Any suggestions would be greatly appreciated.
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
