[OpenSIPS-Users] Opensips 2.5 and fraud module

Liviu Chircu liviu at opensips.org
Tue Apr 3 08:29:24 EDT 2018

Hi Denis,

Regarding the "52 calls" vs. 25/30 limits, are you sure all 52 calls 
were made by the same user? Keep in mind that all fraud_detection module 
stats are per-user counters, and not global counters. If they really 
were all made by the same user, please let me know and I will 
double-check my tests.

The "cpm", "total_calls" and "concurrent_calls" reset either on an 
interval change or at midnight (new day ahead). This leads to a possible 
undetected abuse of up to 2x your provisioned "cpm", "total_calls" or 
"concurrent_calls", if the malicious user places "limit - 1" events 
before the reset, followed by another "limit - 1" events past the reset. 
If this is too much for you, then your provisioned limits (thresholds) 
are incorrect, and you should simply cut them in half.

Best regards,

Liviu Chircu
OpenSIPS Developer

On 22.03.2018 09:59, Denis via Users wrote:
> Hello!
> Is there any idea about the problem?
> Thank you.
> -- 
> С уважением, Денис.
> Best regards, Denis
> 16.03.2018, 15:22, "Denis via Users" <users at lists.opensips.org>:
>> Hello!
>> I am sorry that it was early, but anyway.
>> Server:: OpenSIPS (2.2.5 (x86_64/linux))
>> Fraud_module has been activated.
>> Profile data
>> 17.02.18 20:55 Opensips received first fraud call.
>> And before Opensips detected fraud there were 52 yet calls to 810 prefix.
>> First question is why it didn`t detected fraud early (dialing with 
>> total_calls, for example)?
>> Then.
>> Till the end of 17.02 Opensips blocked the calls from client to 810, 
>> but in 18.02 i can see success fraud calls to 810 from the client again.
>> Second question is why? Opensips resets count every new day?
>> Thank you.
>> -- 
>> С уважением, Денис.
>> Best regards, Denis
>> ,
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180403/83af642d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 7209 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20180403/83af642d/attachment-0001.png>

More information about the Users mailing list