<div>Hello Liviu!</div><div> </div><div>Sorry, for long answer.</div><div> </div><div>I do not quite understand</div><div> </div><div>07:08 was the first call to 810 prefix from 00:00 where counters, how you mentioned, has been reset.</div><div> </div><div>So, after 15 calls i can see, that Opensips drop any calls with appropriate reason ("fraud detected")</div><div> </div><div>The only counter that has such value is "sequential_calls_critical". Another counters are long away from this value.</div><div> </div><div>Anyway you doubt that "sequential_calls_critical" is the reason of call`s block?</div><div> </div><div>Thank you.</div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>24.04.2018, 12:41, "Liviu Chircu" <liviu@opensips.org>:</div><blockquote type="cite"><div bgcolor="#FFFFFF"><p>Hi Denis,</p><p>It is difficult for me to assess your intervals, and triggering reasons. For example, your sheet starts at 07:08 AM, but the counter accumulation is reset way back, at 00:00.</p><p>Please provide some actual fraud event logs, with a log such as below, so we can blame the sequential calls for sure:</p><p>event_route [E_FRD_CRITICAL]<br />{<br /> fetch_event_params("$var(param);$var(val);$var(thr);$var(user);$var(number);$var(ruleid)");<br /> xlog("E_FRD_CRITICAL: $var(param);$var(val);$var(thr);$var(user);$var(number);$var(ruleid)\n");<br />}</p><p>Best regards,</p><pre>Liviu Chircu
OpenSIPS Developer
<a href="http://www.opensips-solutions.com/">http://www.opensips-solutions.com</a></pre><div>On 24.04.2018 12:06, Denis via Users wrote:</div><blockquote type="cite" cite="mid:10679041524560806@web50g.yandex.ru"><div>Hello Liviu!</div><div> </div><div>"Yes, the "sequential calls" holds the size of the last batch of calls<br />sent to the same number. For example, if a user were to dial 44 and 45<br />prefixes in a round-robin manner, his "sequential calls" value would<br />never exceed 1."</div><div> </div><div>Here you can find acc from one of the client (from the beginning of the 24.04)</div><div><span style="background-color:#ffffff;color:#000000;display:inline !important;float:none;font-family:yandex-sans,arial,sans-serif;font-size:15.0016px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;text-align:start;text-transform:none;white-space:normal;"><a href="https://yadi.sk/i/Zkj70CCM3UiEyw">https://yadi.sk/i/Zkj70CCM3UiEyw</a></span></div><div> </div><div><span style="background-color:#ffffff;color:#000000;display:inline !important;float:none;font-family:yandex-sans,arial,sans-serif;font-size:15.0016px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;text-align:start;text-transform:none;white-space:normal;">and fraud module params looks like </span></div><div><div> prefix: 810</div><div> start_hour: 00:00</div><div> end_hour: 23:59</div><div> daysoftheweek: Mon-Sun</div><div> cpm_warning: 10</div><div> cpm_critical: 11</div><div> call_duration_warning: 1499</div><div> call_duration_critical: 1500</div><div> total_calls_warning: 99</div><div> total_calls_critical: 100</div><div> concurrent_calls_warning: 25</div><div>concurrent_calls_critical: 30</div><div> sequential_calls_warning: 14</div><div>sequential_calls_critical: 15</div><div> </div><div>Something wronge))))</div><div>As you can see the client dial different numbers but module detects fraud anyway.</div></div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>19.04.2018, 18:14, "Liviu Chircu" <a href="mailto:liviu@opensips.org"><liviu@opensips.org></a>:</div><blockquote type="cite"><div bgcolor="#FFFFFF"><p>Hi Denis!</p><p>Good catch! For the first time, I documented a parameter, but forgot to export it for the script writer as well! :)</p><p>It is now fixed. Thank you!</p><p>Cheers,</p><pre>Liviu Chircu
OpenSIPS Developer
<a href="http://www.opensips-solutions.com/">http://www.opensips-solutions.com</a></pre><div>On 19.04.2018 17:28, Denis via Users wrote:</div><blockquote type="cite" cite="mid:1389971524148132@web59g.yandex.ru"><div>Hello, Liviu!</div><div> </div><div>I had installed latest Opensips 2.2 (Opensips 2.2.6)</div><div> </div><div>In a log file, during start of Opensips, i can see</div><div>ERROR:core:set_mod_param_regex: parameter <use_local_time> not found in module <fraud_detection></div><div> </div><div>Where is mistake?</div><div> </div><div>Thank you.</div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>13.04.2018, 09:49, "Denis via Users" <a href="mailto:users@lists.opensips.org"><users@lists.opensips.org></a>:</div><blockquote type="cite"><div>Ok, thank you</div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>12.04.2018, 14:23, "Liviu Chircu" <<a href="mailto:liviu@opensips.org">liviu@opensips.org</a>>:</div><blockquote type="cite"><div bgcolor="#FFFFFF"><p>Use $Ts [1] to get the current UNIX timestamp in seconds.</p><p>[1]: <a href="http://www.opensips.org/Documentation/Script-CoreVar-2-4#toc91">http://www.opensips.org/Documentation/Script-CoreVar-2-4#toc91</a></p><pre>Liviu Chircu
OpenSIPS Developer
<a href="http://www.opensips-solutions.com/">http://www.opensips-solutions.com</a></pre><div>On 12.04.2018 14:08, Denis via Users wrote:</div><blockquote type="cite" cite="mid:943251523531284@web48j.yandex.ru"><div>Liviu, is there any way to find out current time from Opensips during call processing (some functions, variables etc which i can use in opensips.cfg)?</div><div> </div><div>Thank you</div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>12.04.2018, 13:50, "Liviu Chircu" <a href="mailto:liviu@opensips.org"><liviu@opensips.org></a>:</div><blockquote type="cite"><div bgcolor="#FFFFFF"><p>Hi Denis,</p><p>The fraud detection module has no such mechanism, currently. We could invent some variables such as $frd_last_warn, $frd_last_crit, $frd_first_warn, $frd_first_crit. They would output a UNIX timestamp. If there were no warnings during the current interval, the timestamp value would be 0. Can't think of anything better now - you can polish this idea and open up a pull request if you want.</p><p>How many users do you have? The "cachedb_local" offers a fast and configurable hash implementation. Why wouldn't it be a good solution in order to store/fetch the above-mentioned timestamps for each of your users?</p><p>Best regards,</p><pre>Liviu Chircu
OpenSIPS Developer
<a href="http://www.opensips-solutions.com/">http://www.opensips-solutions.com</a></pre><div>On 10.04.2018 13:11, Denis via Users wrote:</div><blockquote type="cite" cite="mid:324741523355075@web30o.yandex.ru"><div>Hello, Liviu!</div><div> </div><div>"So you want to check the time of the last fraud detection attempt for a user?"</div><div> </div><div>Yes, but not for store this time to anywhere.</div><div>I want to detect the time of the first fraud call, and if this time, for example, between 19:00 and 09:00, make some actions.</div><div> </div><div>Can i do it with Opensips?</div><div> </div><div>Thank you.</div><div> </div><div>-- </div><div>С уважением, Денис.</div><div>Best regards, Denis</div><div> </div><div> </div><div> </div><div> </div><div> </div><div>10.04.2018, 12:28, "Liviu Chircu" <a href="mailto:liviu@opensips.org"><liviu@opensips.org></a>:</div><blockquote type="cite"><p>Hi Denis,<br /><br />Yes, the "sequential calls" holds the size of the last batch of calls<br />sent to the same number. For example, if a user were to dial 44 and 45<br />prefixes in a round-robin manner, his "sequential calls" value would<br />never exceed 1.<br /><br />So you want to check the time of the last fraud detection attempt for a<br />user? You can use "cachedb_local", for example, and hold the last fraud<br />detection timestamp for each user. Also, note that check_fraud() [1] has<br />some useful return codes (-1 and -2), in case you don't want to use the<br />E_FRD_ events.<br /><br />Cheers,<br /><br />[1]:<br /><a href="http://www.opensips.org/html/docs/modules/2.4.x/fraud_detection.html#func_check_fraud">http://www.opensips.org/html/docs/modules/2.4.x/fraud_detection.html#func_check_fraud</a><br /><br />Liviu Chircu<br />OpenSIPS Developer<br /><a href="http://www.opensips-solutions.com/">http://www.opensips-solutions.com</a><br /><br />On 09.04.2018 09:12, Denis via Users wrote:</p><blockquote> Hello, Liviu!<br /> Thank you very much!<br /> I will try your fix.<br /> And, What does "Sequential calls" mean? These are calls to one number?<br /> So, if we have situation dealing with reset counters, i want to make<br /> one thing.<br /> I want to check the time when fraud has been detected and if this<br /> time, say, after 19:00 make some actions. How can i check time of the<br /> call processing?<br /> Thank you.</blockquote><p><br /><br />_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote> <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote></div>,<p>_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote> <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote></div>,<p>_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote>,<p>_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote> <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote></div>,<p>_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote> <pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote></div>,<p>_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br /><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p></blockquote>