CDR Errors after compromise cleanup

Guys, I’ve been hit by this exploit. I have cleaned the system manually. However, asterisk now fails with:

“ERROR[28492]: cdr_mysql.c:578 my_load_module: Unable to query table description!! Logging disabled.”

Any ideas about this? If I do an “amportal start”, it goes into a restart loop.

mysqlcheck --all-databases --repair

Yes, I’ve done that. All DBs are OK. I’m totally lost here…

That error only happens when the cdr database isn’t working properly. Possibly missing? But more likely, corrupt.

There’s another thread on that here:

Thanks xrobau. I will look into it more properly. Probably the exploit did something to it in order to cover his nasty calls. However, I have another * server and that CDR problem didn’t happen there. I will find a way to see what a proper table looks like.

Ok guys, this was caused by bad permissions on the /tmp directory. The MySQL error log was showing a “can’t create file on /tmp” error, but only on mysqld’s startup. Still, that was enough to prevent * from starting. /tmp permissions fixed, it’s OK now. BTW, the permissions were set to asterisk:asterisk.

If this was from the exploit, then how could the exploit change it to asterisk:asterisk, if it hasn’t root permissions?! I’m assuming the exploit only got FreePBX user (asterisk) permissions.
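
For the /tmp problem reported in this thread, a check that can be run during cleanup to confirm a scratch directory has the expected owner and mode. This is an added example, not code from any poster; the function name `check_tmp_dir` is hypothetical, the defaults assume the standard root:root ownership and mode 1777 for /tmp, and it relies on GNU `stat -c` as found on Linux.

```shell
#!/bin/sh
# Added example: verify that a scratch directory has the ownership and mode
# that mysqld and other services expect. Standard /tmp is root:root, mode 1777.
# Assumes GNU stat (-c), as found on Linux systems.

# check_tmp_dir DIR [OWNER:GROUP] [MODE]
# Prints each deviation and returns the number of deviations found (0 = OK).
check_tmp_dir() {
    dir=$1
    want_owner=${2:-root:root}
    want_mode=${3:-1777}
    problems=0

    # A missing directory or a symlink in its place is a finding by itself.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: not a real directory (missing or a symlink)"
        return 1
    fi

    owner=$(stat -c '%U:%G' "$dir")   # e.g. asterisk:asterisk in this thread
    mode=$(stat -c '%a' "$dir")       # octal, includes the sticky bit

    if [ "$owner" != "$want_owner" ]; then
        echo "$dir: owner is $owner, expected $want_owner"
        problems=$((problems + 1))
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "$dir: mode is $mode, expected $want_mode"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Check the live system only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    check_tmp_dir /tmp && echo "/tmp OK"
    # If it reports problems, fix as root:
    #   chown root:root /tmp && chmod 1777 /tmp
fi
```

After correcting /tmp, restart mysqld first and confirm its error log is clean before starting asterisk again.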