provided by Star2Billing S.L.

Having just been stung with a significant negative balance I have been looking at the issue again.

Though it seems very difficult to actually prevent because of the way a2billing bills at the end of the call, I think I can see a way of mitigating it.

I don't know the exact solution but here's my line of thought to see what people think.

I can see the AGI will return a bunch of things relating to a call in progress, the interesting ones for me are:

CDR Variables:
level 1: dnid=02032312321
level 1: clid=441212323256
level 1: src=441212323256
level 1: dst=02032312321
level 1: dcontext=a2billing
level 1: channel=SIP/8495500003-00000246
level 1: dstchannel=SIP/gateway1-00000247
level 1: lastapp=Dial
level 1: lastdata=SIP/gateway1/442032312321,60,iL(84423000:61000:30000)
level 1: start=2013-03-24 17:22:02
level 1: answer=2013-03-24 17:22:05
level 1: duration=4742
level 1: billsec=4739
level 1: disposition=ANSWERED
level 1: amaflags=BILLING
level 1: accountcode=8495500003
level 1: uniqueid=1364145722.582
level 1: linkedid=1364145722.582
level 1: sequence=739

This, barring one gives us all we need to calculate the cost of calls in progress.
If an extra variable or two could be injected here, in its simplest form the cost per minute, we could use the billsec*costpermin/60 to give us the current ongoing call cost.
We could use a cron script every minute to run through every outbound channel and tot up the current call cost per accountcode and compare it with the remaining balance in the DB and then hangup the calls if this were reached or exceeded.
If the AGI that sets up the call did a similar thing too, ie calculated the total outstanding costs of the calls for accountcode it was setting up a call for this would finish any attack quite quickly that was going to lead to a negative balance.

Any thoughts anyone?

May I ask, how do you believe this occurred in your situation? Prepaid, postpaid, DID call, simultaneous call, starting balance, ending balance. can you provide specifics for this account/call?

The actual scam is very easy.

Get an account with a provider who allows simultaneous access.

Can be done with even a low rate premium number, in the UK we have many that are maybe £0.10 per minute.

Credit your account with £50

Start as many calls as you can to the number then go away and forget it.

I know it can happen that way, I was just curious in your case. It can also happen because of a couple of bugs in A2B . One is if the account is prepaid, then it will authenticate even when it is out of credit effectively creating negative. that is described here: viewtopic.php?f=34&t=9308 it still exists in 2.0.1.

Two, another issue with DID to DID calls that are not free, the timeout is calculated incorrectly and allows more call time resulting in negative balance.

I've reposted a script which incorporates what you've mentioned in your post. It will work on a single machine only, not in a distributed environment where a particular account can be active anywhere.

viewtopic.php?f=35&t=9302&p=35751

I haven't even looked at that script properly but thanks so much for even trying to tackle it.

Luckily we have a decent provider and I can get current cost of calls through a script from them. I have a very lame but effective cronjob running at the moment that rings me when a certain threshold is reached.

I'm sure that with that combined with your script I will get a much more settled sleep at night now, thanks again!