steve-bell15078 avatar image
steve-bell15078 asked bjsvec commented

unblockable repeat robo calls

I've been on Ringcentral for six months and like the system, but am receiving robo calls both at the office, and at home that are of a nature, so persistent and repetitive that are unfortunately, going to force me to drop the system if there is no way to fix this:

I receive REPEAT robocalls about every 5 minutes, starting around 7pm and running all night. One is from "SIP VICIOUS" and the other is from "888070xxxyyyzzz" (and similar numbers - this has been going on for months). Sometimes during that daytime when i'm at the office.

The whole purpose of this system is to provide a higher quality phone system for our customers and potential customers to call in on. But this unrestricted, constant repetitive robo calla ctivity basically, renders our RingCentral phone system deployment worthless to us.

I've called into to tech support several times on this. I have blocked calls without calling party ID. But these calls don't even show up in my call log.

If RingCentral can forward the id's, fake or whatever, like SIP VICIOUS right onto my Ringcentral phone displays, why can't they allow me to block these calls? And record them in the call log?

I have been forced to disconnect my system at night, during the day when it's plugged in, 90% of my calls are this robo junk.

I get robo calls on my cell too, up to 15-20 per day, but they aren't as bad because they only call you once, at most 3 times a day. But on Ringcentral, these robo callers call me repeatedly, every 5 minutes.

Before i disconnect, i thought i would post here because i really don't want to give up on the system. I just can't deal with this though, it's too time consuming and interupts our work.

I worked at Bell Labs for 8 years so i understand VoIP, Signaling System 7, telecom -- this seems to me to be something that could be fixed if RC wanted to. I would think this would put Ringcental out of business over not too long of period?

Since it's so serious of problem -- i just wonder, WHY has it not been fixed? i've had this since i opened the account and purchased the Yealink phones 6+ months back.

Steve B.

Blastoff Labs

Digital Marketing Agency

Reno, NV

1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

bjsvec avatar image
bjsvec answered Chris Rosa commented
I'm not going to address the large topic of robocalls since it is discussed elsewhere in this forum and outside, but the SIP VICIOUS things stood out to me.  That is a well known pen test/hacking tool and if you are seeing that, it may indicate your phone is open to the internet in a way it should not be.  Either by having the phone use a public IP address (very bad idea) or forwarding/opening inbound ports to your phone (also bad).  Do you manage your own network and know how it is setup?

It is also possible someone just thought it was a cute CNAM to use too..

1 comment
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

From the Sip Vicious blog...
In this case, however, things are a bit different. While launching an INVITE scan on a vulnerable PBX system can be useful for the hacker, doing the same thing on an IP Phone (or VoIP Phone) just makes it ring. While some phones will only ring when the correct number is called, others ring when any number (or rather, any SIP address) is specified in the INVITE message. So the attackers/hackers/cyber-criminals ended up getting phones to ring. I think this is a mistake that they were making, possibly because they are not differentiating between a phone and a PBX system.
So it sounds like a hacker is trying to find a route through a PBX system, but is just ringing your phone. Definitely look into your network setup to make sure this phone isn't exposed to the internet directly.

1 Like 1 ·
steve-bell15078 avatar image
steve-bell15078 answered steve-bell15078 commented
Hi Brandon,

That sounds like some good info!  It makes sense that these malicious repeat calls might be coming in directly off the internet, bypassing RC, since they do not show up in the call log or respond to call blocking settings. 

re: the settings, I purchased Yealink phones from RingCentral, and except to associate them to the base station haven't done anything fancy with their factory configuration.  

I have grilled their tech support staff hard on this for six months, and no one every came up with an idea like yours.  They did suggest i post here.  

I do manage the network and am fairly technical, if you send me pointers how to check this out i will execute, for sure!  If this can be fixed, that would be fantastic as i think RingCentral is a great system. 

One other thing i'm concerned about that's big -- it seems to me like, using RC introduces about 300-400mS more latency into my calls than i've had with other VoIP or cellular systems.  It makes people think you are cutting them off, or vice-versa.  Are they perhaps hosting their service from somewhere half way around the world from where i'm at (NV, USA) causing this?  Or is there perhaps a technical solution to that one?

Thanks much for your reply.  Let me know where to look and/or what to check out.  Much appreciated. 

Steve B. 
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Steve B,

For the latency issues, it sounds like a QoS/Router setup issue. Check out this RingCentral support link below for more information on how to troubleshoot this type of issue.
1 Like 1 ·
Make sure your firewall/router has no port forwarding to any of your phones (particularly the ones having this trouble).

Log in to the Yealink and make sure you are using an internal (RFC 1918) IP address.

re: the latency, do you only have the Yealink cordless phones?  they could be introducing latency.  Can you compare to calls from a desk phone or mobile app or desktop call from the same network to see if there is a difference?

Here is the full network guide you might want to take some time to review to get a handle on this too:
1 Like 1 ·
Thanks J.B. and Brandon, you guys are terrific!

ok thinking about it... i had internal/network issues when i started noticing this, it may have corrected... so let me re-baseline on it.  Also i will run the tests you suggest. 

Unfortunately, on the home front i cannot access the router config... it's fixed and managed by a 3rd party.  But i got them to put the router into bridged mode which solves a lot of problems.  It's an ultramodern multi-tenant building with Gigamonster fiber and Zhone routers that are managed by the network provider.  At the office it's a University-managed, 20,000 user network on a fiber/SWITCH backbone.  But at the office i use the mobile client on 5G half the time. 

I will also try with PC client, mobile phone client, vs the Yealink and report back here.   I will compare performance on 5G using the mobile client. 

fyi i am on screaming fast fiber internet connections both at the office and at home... 1,000Gbps+ at the office, 800Mbps+ (when connected via Cat 6 cable) at home.  I don't use any Wi-Fi connections except for mobile phone and iPad, but haven't been using those for RC.

I'll do the suggesting homework then report back.   
1 Like 1 ·
steve-bell15078 avatar image
steve-bell15078 answered bjsvec commented
Thanks everyone for the comments on here.  The first thing i'm trying to do is login to the web interface of the W56P's base station.  I found the manuals, used the address which base station address whic is in the format 24.xx.yyy.zzz, then used the standard default admin id/password reported in the manual and online - it's supposed to be admin/admin, and there are two others.  But none work, from either Chrome or Edge - it says i'm not authorized.  And it ended up locking me out for 60 minutes.  Looks like Yealink has no phone support, are there any recommendations how to login to this thing?  And once i'm in there, what to look for in config. 

Seems like somehow, my phone is exposed to the internet.  The calls from SIPVICIOUS and similar, show up in the phone's call log; but blacklisting them on the phone doesn't work.  However they don't show up in the Ringcentral account online call log, so they appear to be coming in off the internet, vs RingCentral.  It's an "aha" to know that, but i need to login then figure out what to change...  TIA for any suggestions!
1 |3000

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

I am not sure I can help with Yealink configuration, but knowing the IP address starts with 24 means it is on the public internet and not good.  You may not need to configure anything at all if it is pulling that address via DHCP.

Can you simply try to plug it in to a "regular" network port that gives it an internal IP address?
1 Like 1 ·
Hi Brandon, 

I am setting on a 24 port switch connected to a Zhone router managed by a 3rd party.  I know they put the Zhone into "bridge mode" to resolve some issues - the router was causing the RC gateway not to work. I guess that means the Gateway router is assigning public IP addresses when DHCP'd?  

I  just did a whatismyip from my PC and it's also 24...  connected directly to the ISP in Georgia.  I guess that means my PC's are also setting on the public internet vs behind a local router?  

I do have a WiFi router i will try putting it behind that. 

0 Likes 0 ·
Anything is possible.. Can you see what IP your desktop or laptop gets when connected to the switch?  Don't do but check in your network settings or from a command prompt (windows) type ipconfig and look for your IPV4 address.

What is the 'RC gateway' exactly?  Is that another device and where is located compared to the switch and the zhone router?
0 Likes 0 ·
Work together.
From anywhere.

Team messaging, video meetings
and phone - all in one app.

Get the new RingCentral app