[asterisk-users] how to stop web Click to Call fraud, robots, etc
Mik Cheez
michael_bulk at wildgate.com
Wed Jul 16 13:47:46 CDT 2008
Require that the user is logged in, and that the form has random
text-image verification. Just my 2¢.
Chris Earle wrote:
> Hi all,
>
> I'm writing some code to do a web 'click to dial' sort of thing. Where the
> surfer puts in their number and some php/asterisk API code Originates a call
> out to them and connects them to an internal extension.
>
>
> But this raises a number of security/nuissance issues:
> I'm well aware that the numbers entered should be validated for local
> dialing etc....
> But...
>
> *What if a robot hits the page, fills out the form with a legit number, and
> effectively causes a prank call out to some poor soul?
> *invalid area codes? how to deal with? Check against a list of valid ones?
>
> That's all I can think of right now. Can all these issues be dealt with by:
> 1 -- a sort of easy route, add a CAPTCHA to the web form
> 2 -- compare against lists, or somehow do asterisk dialplan logic to stop
> ....well....how could you stop legit numbers?.... :-S
>
> Ideas, suggestions appreciated!!
>
>
More information about the asterisk-users
mailing list