[asterisk-users] how to stop web Click to Call fraud, robots, etc

Chris Earle cearle at cbltech.ca
Wed Jul 16 13:05:06 CDT 2008


Hi all,

I'm writing some code to do a web 'click to dial' sort of thing.  Where the
surfer puts in their number and some php/asterisk API code Originates a call
out to them and connects them to an internal extension.


But this raises a number of security/nuissance issues:
I'm well aware that the numbers entered should be validated for local
dialing etc....
But...

*What if a robot hits the page, fills out the form with a legit number, and
effectively causes a prank call out to some poor soul?
*invalid area codes? how to deal with?  Check against a list of valid ones?

That's all I can think of right now.  Can all these issues be dealt with by:
1 -- a sort of easy route, add a CAPTCHA to the web form
2 -- compare against lists, or somehow do asterisk dialplan logic to stop
....well....how could you stop legit numbers?.... :-S

Ideas, suggestions appreciated!!


-- 
--
Chris Earle






More information about the asterisk-users mailing list