Archives 2020

How to – Fix error in Vicidial: There is a time synchronization problem with your system, please tell your system administrator

How to – Fix error in Vicidial: There is a time synchronization problem with your system, please tell your system administrator

There is a time synchronization problem with your system, please tell your system administrator

There is a time synchronization problem with your system
Time Sync Error

In case you have this error upon installation or upgrade your Vicibox/Vicidial check the following:

  1. Using timedatectl utility make sure server’s timezone is set correctly and server’s date/time is correct. Set proper timezone if needed
  2. Check that timezone is correct in /etc/php7/apache2/php.ini. Set proper timezone if needed and restart Apache
  3. If it did not help check and compare time values in Vicidial database, server time and PHP time. Use the following command:
1# echo “SELECT server_ip, UNIX_TIMESTAMP(last_update),UNIX_TIMESTAMP(db_time) from server_updater” | mysql -uroot asterisk && php -r “date_default_timezone_set(‘America/New_York’); echo ‘php time: ‘.date(‘U’);” && echo “”

Specify your timezone in the command above. This should output three values that must be the same.

If DB time is wrong it means that /usr/share/astguiclient/AST_update.pl script does not update DB value. Try to launch it manually and check for output.

If it throws error:

pattern match timed-out at /usr/share/astguiclient/AST_update.pl line 470

The code at line 470 is a “waitfor()” function that is attempting to match the response from the Asterisk server with a regex pattern but the response from the server doesn’t match the regex pattern.

Patch the file:

in two places near line 470 and near line  534 replace:

$t->waitfor(‘/[0123]\n$/’);

with

$t->waitfor(‘/[0123456789]\n$/’);

then make sure AST_update.pl can run and DB time value is updated.

It expects only 0123 at the end while Asterisk Manager responses with:

123456789# telnet 127.0.0.1 5038 Trying 127.0.0.1… Connected to 127.0.0.1. Escape character is ‘^]’. Asterisk Call Manager/2.10.<strong>5</strong>

Another way to patch:

Original: $t-waitfor(‘/[0123]\n$/]);

Replacement: $t-waitfor(‘/Asterisk Call Manager.+\n$/’);

Check the following files for this issue and patch them as well:

AST_manager_listen.pl   – line 237
AST_manager_listenBUFFER.pl  
– line 236


/usr/share/astguiclient/AST_update.pl runs in a separate detached “ASTupdate” screen and can be accessed as:

1# screen -r ASTupdate

maybe you will need to kill it and start it up again after your database changes was made

To see the list of screens:

12345678910111213141516171819# screen -ls There are screens on:         2715.ASTemail   (Detached)         2712.ASTVDadFILL        (Detached)         2709.ASTfastlog (Detached)         2706.ASTVDadapt (Detached)         2691.ASTupdate  (Detached)         2315.asterisk   (Detached)         2302.astshell20200129173240     (Detached) 7 Sockets in /run/screens/S-root.

CyburDial Starter Pack

Start your own “Work from Home” Contact Center for less than $100 USD

We offer an All-in-one Contact Center Solution that has the ability to work from anywhere on any smart device with no additional downloads required. Sign up today and start your targeted campaign in less than an hour. Not sure what type of business to start? No Problem, we can help you with that too with one of our “turnkey” solutions that comes with everything you need to be successful.

Need to get dialing today? Sign up now for our CyburDial starter pack:

  • Shared Server with Admin Access
  • Up to 10 Agents/Users
  • First Campaign setup included($25 Value)
  • 1 DID(Direct Inward Dial) number included($2.50 Value)
  • 1000 minutes included($10 Value)
  • 2 Hours Tech Support included($90 Value)
  • IP Whitelist for secure access(Dynamic Portal Included)($75 Value)
  • CyburPhone(WebRTC Phone) integration included($50 Value)
  • BYOC(Bring your own carrier) or use ours at less than a penny a minute
  • Setup and ready within 1 hour!(Rush service available)

All this for ONLY $99 Dollars!


Tired of being tethered to an office or a computer? Unleash yourself today!

Tired of being locked to your desk at work? What about concerns about Covid? Do you want to be able to work not only from home, but from anywhere….with any device? Well, we have some great news for you, not only will you no longer be locked in an office building behind a desk or cubicle, but you don’t need to be tethered to a computer any longer either! Watch the following videos to see how our cloud based predictive dialer works on iPads, Tablets, iPhones and other Android devices, not just the regular devices you’re used to such as laptops and desktops.

iPhone
Laptop

Ask us how we can help you get unleashed from the monotonous routine of hitting the dialer from a confined cubicle, to be able to work from ANY DEVICE from ANYWHERE!! Call us now: 954-947-7572

Is there a dialer system that I can use from any device?

The answer is YES! Our cloud based predictive dialers can be used from any device. We integrate WebRTC technology which allows users to make phone calls from within a browser such as Chrome or Firefox. Below is an example of one of our current clients as he logs into the system as an agent, comes out of pause and his very first call he got through his pitch which automatically popped up(no paper pitch needed), transferred the call to a closer who he was able to speak to first without the customer hearing, then introduced his closer who then happened to close that deal, however the point of this article was to show you in action how some features work without needing additional software for your device such as Zoiper or X-Lite.


Request a quote now to start saving money and taking advantage of such features as: IVR(Intelligent Voice Response), Outbound, Inbound, Survey and Press 1 campaigns, Secure Encryption, built in WebRTC Phone, lead filters for precise targeting, and so much more! Take a test drive now.

How to Avoid Being Marked Scam Likely Caller ID

Scam phone calls have existed for years. However, robocalling technology — systems that allow parties to dial numbers automatically or use prerecorded voice messages — have made receiving fraudulent calls much more common. In 2018, the number of robocalls made per month equaled an estimated 3.4 billion. Though there are many types of non-fraudulent robocalls, ranging from emergency alerts to solicited telemarketing messages, the number of illegitimate calls remains significant.

In response to the growing number of scam calls to mobile phones, many carriers and third parties have created tools to identify and block scam calls. Unfortunately, these tools aren’t perfect. Businesses that use legitimate robocalls, and even some that don’t, may have their numbers incorrectly marked by scam ID technology, particularly when calling cell numbers. With smartphones in the hands and pockets of 81 percent of U.S. adults, you need to know that your calls are reaching your customers. Read on to learn how you can avoid being marked with a Scam Likely caller ID.

What Is Scam Likely Caller ID?

In an attempt to improve customer experience, the carrier T-Mobile launched a feature called Scam ID, which is automatically enabled on T-Mobile and MetroPCS devices. When someone calls one of these devices, T-Mobile checks the number against its database of reported scam numbers. If the source matches a reported scam number, the person being called sees a message that says “Scam Likely” alongside standard caller ID. The user can then decide whether or not to answer the call.

In addition to Scam ID, T-Mobile and MetroPCS also allow customers to opt in to a Scam Block feature that prevents all Scam Likely calls from reaching the user’s phone. Though T-Mobile was the first carrier to integrate this feature into their service for free, other carriers have since introduced their own paid and free versions. Third party apps also allow smartphone users to detect, report and block scam calls.

While Scam Likely Caller ID features do help users avoid potential scams, they sometimes mark legitimate calls incorrectly. To understand why, let’s take a look at what Scam ID uses to identify risky calls.

What Scam ID and Other Services Look For

To identify likely scam calls, T-Mobile’s Scam ID looks for two main traits associated with fraud and robocalling: a high volume of calls originating from the number and existing complaints filed about the number. This means numbers marked with “Scam Likely” tend to be either numbers that originate a large number of robocalls or numbers that have a record of being reported by recipients as scams.

Scam ID successfully blocks many illegal calls. However, there are two problems that lead to legitimate calls being blocked:

1. The algorithm fails to distinguish between legal and illegal robocalls: Because the system looks only for high-volume originating numbers, the service may mark legal robocalls as scam. Examples of legal robocalls include calls from non-profits and telemarketing calls made with a person’s express consent.

2. Users may report a number erroneously: Some people avoid calls from all unknown numbers. As a result, some customers may report your number without answering the phone. If this happens enough, your number will be marked Scam Likely.

How Scam Likely Phone Block Can Hurt Your Business

Getting a number marked Scam Likely incorrectly is common for businesses and organizations using legitimate robocalling. This mislabeling can harm your business by:

  • Preventing people from getting your calls: If a customer has Scam Block or an equivalent feature enabled on their phone, they won’t receive your calls, leading to lost leads and a decreased number of call responses.
  • Convincing people to ignore your calls: People tend to ignore or decline calls accompanied by scam warnings, which could lead to miscommunication and lost leads as well. In one study, only one in 10 people reported answering a call from a Scam Likely number.
  • Creating customer dissatisfaction: When customers don’t receive a call they’re expecting, they can become frustrated with your business. Miscommunication created by Scam Likely caller ID can lose you customers, especially if it prevents you from delivering your product or service on time.

Four Ways You Can Avoid Being Marked Scam Likely

Because getting incorrectly listed as a scam number can have an enormous impact on the success of your business, you need to take steps to avoid being marked with this caller ID. Use these strategies to protect your number:

1. Understand robocall laws: The Federal Communications Commission (FCC) has laws about making robocalls. Making sure you understand the FCC’s robocall laws helps you stay off scam number databases and gives you legal ground should your number be marked incorrectly.

2. Originate calls individually: If you can originate calls to customers individually, do so. This prevents Scam ID from identifying your number when searching for high-volumes of calls coming from a single number.

3. Ask customers to save your number: Some third-party scam blocking apps allow users to block calls from unknown numbers. Others even generate databases by excluding numbers stored in users’ contacts. Asking users to save your number can help ensure your call reaches them successfully.

4. Change numbers often: Most large contact centers change phone numbers often to avoid getting marked Scam Likely. You can also use this strategy, though it may not be practical for every business.

What to Do If You’re Already Marked Scam Likely

It’s often easier to avoid getting marked as a scam than to resolve the problem after the fact. The fastest way to get your company’s calls removed from a scam list is to change your phone number. However, you can also use these strategies to resolve the mistake and mitigate losses:

  • Report the mistake to the carrier or blocking service and request a correction
  • Keep customers informed and ask them to turn off their scam call blockers
  • Temporarily switch to another communication channel, such as email

Your ability to reach customers is an essential part of keeping your business running. As a result, you need to ensure your calls reach recipients without the burden of a Scam Likely label.

How can CyburDial help you with this?

CyburDial uses ShakenSwitch which utilizes advanced algorithms to help mitigate calls against the “RoboKillers” and other Crowdsourcing API’s, not to mention our built in Carrier API that helps with calls directly with the major telco’s such at AT&T, T-Mobile, Verizon, Metro PCS and more. We work directly with the pioneers of the STIR/SHAKEN movement and have had the privilege’s to be blessed to beta test most of their apps before they come out to the public as well as being blessed with special pricing for this amazing service they call The DID manager combined with AI Health monitoring to constantly keep your DID’s fresh and not marked as “spam likely”. When you have a dialer system custom built for you by CyburDial you will be ahead of the game ten fold and no longer have to worry about your caller ID numbers showing up as scam likely, but thats not all, the DID manager also provides complete local area calling presence, so if your calling Miami, the caller ID will show up with a 305 or 786 area code, as it would also do with other states. Stop wasting time with all these other dialer hosting companies that not only control your dialer and force you to use their carrier service, their support team which is usually over priced, and Caller ID’s that are marked scam likely within days and let us show you what the future is about. We don’t rent you a server that we control, we custom build you YOUR own server that we can integrate with any CRM system that YOU own, YOU have total control over and YOU choose every aspect of your system including your support team, of course we are available for support if you like to use our services but it isn’t required. So what are you waiting for? Call us now at  +1 (725) 22-CYBUR or visit our 24 hour 7 days a week live support chat on Skype by clicking here.

We look forward to hearing from you and are ready to custom build your dialer with full integrations to CRM or other systems if needed, Turnaround time for strictly a dialer system is 24 hours, if you need integrations, we can discuss this further and give you an estimated time then.

-Chris aka carpenox(from the ViciDial forums)

Tired of TCPA Lawsuits? We can help you today!

How much do you know about TCPA(Telephone Consumer Protection Act) laws? My guess would be that you know the basics, that it’s real and you have most likely already experienced a lawsuit or 10. Well, we have some good news for you, we can help you stop all TCPA lawsuits today! Our cloud based predictive dialers are within the law and are not considered an auto dialer. Our dialers use special algorithms to automatically change the speed of the dialer based on how many agents are waiting for calls. We can fine tune these settings for you to get it set where you never have to touch your “Ratio” number again. On top of that, by using our predictive mode, you will not be breaking the laws as they refer to the TCPA. Read the article below to find out how telemarketers are winning lawsuits against TCPA litigators by using our dialers!

https://www.dnc.com/news/northern-district-texas-determines-predictive-dialers-are-not-atds

tcpa

MAJOR UPDATE: The US Supreme court ruled the definition of an ATDS which predictive dialers do NOT fall under: https://tinyurl.com/tcpawin

You know what I have to say about this? Get a REAL job TCPA litigators, especially you Stewart Abramson, go F@#K yourself!

Check out our live demo free!

Realtime

Check out the capabilities of our cloud based predictive dialer with our live demo. We offer Vicidial, ViciDialNOW, GoAutoDial and more.

Want to check out what we can offer? Login to the newest version of ViciDial in the industry, backed by a non public version of Asterisk(18.19.0) and also equipped with CyburPhone 3.5(Unreleased) and take it for a test drive now.

Https://demo.dialer.one
Admin Login: 0000 / Password: demo
Agent Login: 0000 / Password: demo

Our services come backed by our cyber security expertise giving you the most protection for your data and sensitive information.

We offer setups for Outbound, Inbound, Surveys, and press 1 campaigns. Multi cluster setups custom made to meet your needs. Check out the second picture to see one of our cluster setups .

Can you run VICIdial on an iPhone?

That’s an interesting question. Given the current state we’re in with global pandemics threatening shutdowns for some and work-from-home for others, many of us are looking for mobile work-from-anywhere solutions. At Cyburity LLC we are always pushing the envelope to see what we can do next and how much farther we can push contact center technology. Check out this video to see how our cloud based dialers come stock with the technology to work not only from anywhere, but with any device.

Metasploit — A Walkthrough Of The Powerful Exploitation Framework

Ethical Hacker

Metasploit can handle everything from scanning to exploitation. In this article, we will take a look at what makes Metasploit the most versatile penetration testing toolkit.

Image for post

Intro to Penetration Testing

If you are new to penetration testing, let me explain what it is before I introduce you to an exploitation tool.

Penetration testing is hacking with permission. You might have seen cool hackers on TV attacking computer systems without getting caught. But that’s not how it works in the real world.

If you hack someone without permission, there is a high chance that you will end up in jail. So if you are planning to learn hacking with evil intentions, I am not responsible for any damage you cause. All my articles are purely educational.

So, if hacking is bad, why learn it in the first place? Every device on the internet is vulnerable by default unless someone secures it.

Its the job of the penetration tester to think like a hacker and attack his or her organization’s systems. The penetration tester then informs the organization about the vulnerabilities and advises on patching them.

Penetration testing is one of the highest-paid jobs in the industry. There is always a shortage of pen-testers since the number of devices on the internet is growing exponentially.

Right. Enough pep talk. Let’s look at one of the coolest pen-testing tools in the market — Metasploit.

Metasploit — The Complete Framework

Metasploit is a penetration testing framework that helps you to find and exploit vulnerabilities in systems. It gives you everything you need from scanners to third-party integrations that you will need throughout an entire penetration testing lifecycle.

This includes reconnaissance, scanning, exploitation, privilege escalation, and maintaining access.

Image for post
Penetration testing lifecycle

Metasploit is an open-source framework written in Ruby. Metasploit is written to be an extensible framework so that if you want to build custom features using Ruby, you can easily do that via plugins.

Rapid7, the company behind Metasploit offers a premium version of Metasploit with advanced features.

Metasploit is also frequently updated with new exploits published in the Common Vulnerabilities and Exposures (CVE). So if a new vulnerability is found and published, you can start scanning your systems right away.

Metasploit comes with anti-forensic and evasion tools built into it. Metasploit is also pre-installed in the Kali operating system.

Components

Now that you know what Metasploit is, let’s look at the core concepts of Metasploit.

Metasploit offers you a few key components to find and exploit vulnerabilities on a network. This includes exploits, payloads, auxiliaries, and so on. Let’s look at each one of them in detail.

Exploits

An exploit is a piece of code that takes advantage of a vulnerability in a system. These exploits perform specific actions based on how bad the vulnerability is.

Exploits can take advantage of software vulnerabilities, hardware vulnerabilities, zero-day vulnerabilities, and so on. Some of the common exploits include buffer overflows, SQL injections, and so on.

Image for post
Metasploit exploits list

Metasploit offers a number of exploits that you can use based on the existing vulnerabilities in the target system. Metasploit exploits can be classified into two types:

  • Active Exploits — Active exploits will run on a target system, exploit the system, gives you access or performs a specific task, and then exits.
  • Passive Exploits — Passive exploits will wait until the target system connects to the exploit. This approach is often used by hackers on the internet asking you to download files or software. Once you do, you connect yourself to a passive exploit running on the hacker’s computer.

Payloads

A payload is a piece of code that runs through the exploit. You use exploits to get into a system and payloads to perform specific actions.

For example, you can use a keylogger as a payload along with an exploit. Once the exploit is successful, it will install the keylogger in the target’s system.

Metasploit offers a good collection of payloads like reverse shells, bind shells, Meterpreter, and so on.

Image for post
Payloads

There are a few payloads that will work with the majority of exploits, but it takes some research to find the right payload that will work with the exploit. Once you choose an exploit, you can list the payloads that will work with that exploit using the ‘show payloads’ command in Metasploit.

There are a few types of payloads in Metasploit. The ones you will end up using the most are these three types:

  • Singles — Payloads that work on their own. eg. keyloggers.
  • Stagers — Payloads that work with others eg. two payloads: one to establish a connection with the target, the other to execute an instruction.
  • Meterpreter — Advanced payload that lives on the target’s memory, hard to trace, and can load/unload plugins at will. We have a section on Meterpreter where I will explain it in detail.

Auxiliaries

Auxiliaries are modules that help you perform custom functions other than exploiting a system. This includes port scanners, fuzzers, sniffers, etc.

For example, you can use the CERT auxiliary to check for expired SSL certificates on a network. This is useful for system administrations to automate certificate management.

Image for post
Metasploit Auxiliaries

If you are familiar with Ruby, you can write your own auxiliaries. If you want to scan a network for specific vulnerabilities every week, you can write your own custom auxiliary module to do that. You can then use it to scan your network instead of using an existing scanner like Nmap.

Tools

Now that you know how Metasploit functions, let’s look at the tools that Metasploit offers.

msfconsole

MsfConsole is the default interface for Metasploit. It gives you all the commands you need to interact with the Metasploit framework.

It takes a bit of a learning curve to familiarize yourself with the CLI, but once you do, it is easy to work with. Also, MsfConsole is the only way you can access all the features of Metasploit.

Image for post
msfconsole

MsfConsole also offers tab-completion for common commands. Making yourself familiar with the MsfConsole is an important step in your journey to becoming a Metasploit professional.

msfdb

If you are working with large networks on a regular basis, chances are, you will need a place to store your data. This includes scan results, login credentials, and so on.

Metasploit offers a database management tool called msfdb. msfdb works on top of a PostgreSQL database and gives you a list of useful commands to import and export your results.

Image for post
msfdb Commands

With msfdb, you can import scan results from external tools like Nmap or Nessus. Metasploit also offers a native db_nmap command that lets you scan and import results using Nmap within the msfconsole.

MsfVenom

Finally, we have msfvenom (cool name, huh?). msfvenom enables you to generate custom payloads depending on your target.

Using an antivirus or a firewall can make a target system relatively secure. In those cases, existing Metasploit payloads might not work since they are generic for all systems falling under an operating system or a service.

Image for post
msfvenom

msfvenom was built by combining two older tools that Metsploit had: msfpayload and msfencode. msfvenom lets you create and encode custom payloads for your exploits.

Based on the additional information you have on the target, you can craft your own payloads to achieve a higher success rate during your penetration test.

Meterpreter

Metasploit is an advanced payload in Metasploit. Unlike other payloads that perform a specific function, Meterpreter is dynamic and can be scripted on the fly.

Image for post
Meterpreter Functions

If you can exploit a system and inject Meterpreter as the payload, here are some of the things you can do:

  • Establish an encrypted communication between your system and the target.
  • Dump password hashes from the target system.
  • Search for files on the target’s filesystem
  • Upload / Download files
  • Take webcam snapshots

Meterpreter is also incredibly stealthy. Since Meterpreter lives in the memory of the target, it is extremely hard to detect. It is also hard to trace Meterpreter using forensic tools.

Image for post
Meterpreter Python Module

You can write Meterpreter scripts on the fly using Ruby to carry out custom functions. Meterpreter also has a Python module that gives you additional commands to execute python scripts on the target machine.

Armitage

Armitage is a graphical user interface for Metasploit, written in Java. Armitage is considered to be a great addon for pen-testers familiar with the command-line interface.

Image for post
Armitage GUI

The core feature of Armitage is to visualize targets and recommend exploits. Armitage is also scriptable, which means you can automate redundant tasks like host discovery.

Armitage is extremely useful when you are working with a large number of systems in a network. You can use Armitage’s GUI to escalate privileges, browse files, dump password hashes, and so on.

Summary

Metasploit provides a suite of tools for you to perform a complete security audit of a network. Metasploit is frequently updated with the vulnerabilities published in the Common Vulnerabilities and Exploits database.

You can also use other tools like Nmap and Nessus with Metasploit through integrations or by importing their scan reports into Metasploit. Metasploit also has a GUI tool called Armitage that lets you visualize targets and recommend exploits.

If you are interested in learning more about Metasploit, check out the detailed reference guide published by Offensive Security.