I have a v17 system that was just hacked. Last time fwconsole ma upgradeall was run manually was maybe a month or two ago (?) so this may be a fairly recent exploit. It looks like they got in through a vulnerable freepbx module. I have it set to automatically update once a week on Saturday but it appears that was not happening. I see there are several modules with critical security updates which I had to manually update. Running fwconsole ma upgradeall worked normally with no errors.
Why are automatic updates not happening? I have Module Admin > Scheduler Automatic Module updates and Automatic Module Security updates Enabled in the GUI.
This is my crontab -u asterisk -e
1 0 * * * [ -e /usr/sbin/fwconsole ] && sleep $((RANDOM%30)) && /usr/sbin/fwconsole cdr --purnedata >> /var/log/asterisk/freepbx.log 2>&1
26 0 * * * /usr/sbin/fwconsole certificates --updateall -q 2>&1 >/dev/null
*/15 * * * * [ -e /usr/sbin/fwconsole ] && sleep $((RANDOM%30)) && /usr/sbin/fwconsole userman --syncall -q
/var/lib/asterisk/bin/queue_reset_stats.php --id=620
/var/lib/asterisk/bin/queue_reset_stats.php --id=621
2 * * * /usr/sbin/fwconsole util cleanplaybackcache -q
54 11 * * 6 [ -e /usr/sbin/fwconsole ] && /usr/sbin/fwconsole ma listonline --sendemail -q > /dev/null 2>&1
54 13 * * 6 [ -e /usr/sbin/fwconsole ] && /usr/sbin/fwconsole ma upgradeall --sendemail -q > /dev/null 2>&1
* * * * * [ -e /usr/sbin/fwconsole ] && /usr/sbin/fwconsole job --run --quiet 2>&1 > /dev/null