Further Output.
[root@localhost ~]# ./fpbxseccheck.phar
Starting integrity check…
Attempting to upgrade Framework
–2014-10-13 17:50:33-- http://mirror1.freepbx.org/modules/packages/framework/framework-2.11.0.38.tgz?installid=b2d24f8672660174e834df6fdcb2e969
Resolving mirror1.freepbx.org… 162.253.134.144
Connecting to mirror1.freepbx.org|162.253.134.144|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 3419372 (3.3M) [application/octet-stream]
Saving to: â/var/www/html/admin/modules/_cache/framework-2.11.0.38.tgzâ
100%[========================================================>] 3,419,372 1.88M/s in 1.7s
2014-10-13 17:50:35 (1.88 MB/s) - â/var/www/html/admin/modules/_cache/framework-2.11.0.38.tgzâ
Downloading 3419372 of 3419372 (100%)
Untaring…Done
Module framework successfully downloaded
installing files to /var/www/html…done
installing files to /var/lib/asterisk/bin…done
installing files to /var/lib/asterisk/agi-bin…done
Checking for upgrades…No further upgrades necessary
framework file install done, removing packages from module
file/directory: /var/www/html/admin/modules/framework/amp_conf removed successfully
file/directory: /var/www/html/admin/modules/framework/upgrades removed successfully
file/directory: /var/www/html/admin/modules/framework/libfreepbx.install.php removed successfully
Module framework successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/provisioning
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Now Checking Framework…
Cleaning up exploit 'mgknight’
Removing invalid bootstrap file
Deleting mgknight user
Moving potentially compromised file /etc/asterisk/manager_custom.conf to /tmp/freepbx_quarantine/manager_custom.conf
Moving potentially compromised file /etc/asterisk/sip_custom.conf to /tmp/freepbx_quarantine/sip_custom.conf
Moving potentially compromised file /etc/asterisk/extensions_custom.conf to /tmp/freepbx_quarantine/extensions_custom.conf
Cleaned potential exploit. Please check your system for any suspicious activity. This script might not have removed it all!
OK
FreePBX ARI Framework detected as installed, attempting to update
–2014-10-13 17:50:38-- http://mirror1.freepbx.org/modules/packages/fw_ari/fw_ari-2.11.1.5.tgz?installid=b2d24f8672660174e834df6fdcb2e969
Resolving mirror1.freepbx.org… 162.253.134.144
Connecting to mirror1.freepbx.org|162.253.134.144|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 249070 (243K) [application/octet-stream]
Saving to: â/var/www/html/admin/modules/_cache/fw_ari-2.11.1.5.tgzâ
100%[========================================================>] 249,070 480K/s in 0.5s
2014-10-13 17:50:39 (480 KB/s) - â/var/www/html/admin/modules/_cache/fw_ari-2.11.1.5.tgzâ
Downloading 249070 of 249070 (100%)
Untaring…Done
Module fw_ari successfully downloaded
installing files to /var/www/html/recordings…done
installing files to /var/www/html/recordings…done
fw_ari file install done, removing packages from module
files removed successfully
Module fw_ari successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/provisioning
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
UNSIGNED MODULE phpagiconf – attempting to redownload
–2014-10-13 17:50:42-- http://mirror1.freepbx.org/modules/packages/phpagiconf/phpagiconf-2.11.0.0.tgz?installid=b2d24f8672660174e834df6fdcb2e969
Resolving mirror1.freepbx.org… 162.253.134.144
Connecting to mirror1.freepbx.org|162.253.134.144|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 13668 (13K) [application/octet-stream]
Saving to: â/var/www/html/admin/modules/_cache/phpagiconf-2.11.0.0.tgzâ
100%[========================================================>] 13,668 --.-K/s in 0.007s
2014-10-13 17:50:42 (1.95 MB/s) - â/var/www/html/admin/modules/_cache/phpagiconf-2.11.0.0.tgzâ
Downloading 13668 of 13668 (100%)
Untaring…Done
Module phpagiconf successfully downloaded
Module phpagiconf successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/provisioning
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
UNSIGNED MODULE fw_langpacks – attempting to redownload
The following error(s) occured:
100%[========================================================>] 6,283 --.-K/s in 0.003s
2014-10-13 17:50:45 (1.94 MB/s) - â/var/www/html/admin/modules/_cache/extensionsettings-2.11.0.2.tgzâ
Downloading 6283 of 6283 (100%)
Untaring…Done
Module extensionsettings successfully downloaded
Module extensionsettings successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/provisioning
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
UNSIGNED MODULE isymphony – attempting to redownload
The following error(s) occured:
100%[========================================================>] 14,478 --.-K/s in 0.1s
2014-10-13 17:50:48 (142 KB/s) - â/var/www/html/admin/modules/_cache/customcontexts-2.11.0.1.tgzâ
Downloading 14478 of 14478 (100%)
Untaring…Done
Module customcontexts successfully downloaded
Module customcontexts successfully installed
SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/provisioning
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Complete. Summary:
Good modules: 74
Bad modules: 0
Signature Missing: 2
**** SYSTEM WAS EXPLOITED ****
Re-run this script with any module name for further information