Critical FreePBX RCE Vulnerability (ALL Versions) CVE-2014-7235


(TheJames) #65

The signature has changed. We are updating the script to compensate for this. Update release shortly…

Please note the attacker very well may be watching this and our cleanup efforts. He pings compromised systems every 3 minutes so he may be able to have a new signature in place before you know there is a change. If your system has been compromised the only sane fix may be to re-install.


(Andrew Nagy) #66

By “signature” @jfinstrom does not mean a new exploit, he means the hacker lays down more files than we originally thought. He lays down index files in various locations throughout FreePBX.

Sometimes the best course of action is a reinstall.


(TheJames) #67

Latest Phar updated. remove any current copies and follow instructions on the wiki.


(Intechtel) #68

is the *** File (/usr/sbin/amportal) is missing! **** part of the exploit that I need to take specific action on? I re-run the check after cleaning up via patch, and continually get that message in red. Thanks for all the hard work you guys put in!


(Mark) #69

Anything my earlier post?
I know it is unsupported but even a quick reply would be good.


#70

Hi

I have updated our system, and cant clear the follwing, any ideas. I have uninstalled and reinstalled the module but still get the following errors:

You have 11 Tampered Files
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/bottom.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/copy.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/delete.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/loading.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/logo.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/off.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/on.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/on_off.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/revert.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/top.gif missing
Module: CID Superfecta, File: /var/www/html/admin/modules/superfecta/assets/images/update.png missing


(Andrew Nagy) #71

Do you use superfecta?


#72

Andrew

No and have uninstalled/removed it, nut still there. Will try another remove.


(Andrew Nagy) #73
rm -Rf /var/www/html/admin/modules/superfecta
amportal a r

(Kennedy Jombo) #74

Information on this forum has so far been useful, Thanks guys
However is there anyone who can tell me how to delete the ‘1986’ extension
I have managed to remove the ‘mgknight’ user, tried all sorts of info listed on this forum but the extension is not going away.


#75

edit /etc/asterisk/extension_custom.conf

security scan should remove it ?


(Lonniej) #76

Thanks i was able to regain acees to the gui with that


(Andrew Nagy) #77

If anyone was curious as to why a hacker would want to keep dialing a number over and over here’s a great article:

http://finance.yahoo.com/news/phone-hackers-dial-redial-steal-012343295.html


(Lonniej) #79

I just ran the phar again and i never get a new username and password at the end only what i posted above


(Andrew Nagy) #80

You wont get a new username if the mgknight user wasnt detected.


#81

I still have an old server running FreePBX 2.9 with Asterisk 1.6. It’s long overdue for an upgrade, but until I get that done, what can I do to protect this system from this hack?

The console is firewalled and only accessible thru an internal network.

Thanks,
Westley


(Matt1288c) #82

Hello All,

I was alerted to this by my trunk provider (voiptalk) and they advised me that they blocked my account due to long distance calls being attempted from my PBX. They advised me of the problem but by that time I had a random 403 error on my webadmin that I just couldn’t fix. This is obviously a tactic being used by the intruders.

Anyway I downloaded a newer version (FreePBX-STABLE64.iso) dated 20/10/2014 and installed/configured. Lovely. Now my trunk provider has advised me of more attempted calls from my PBX which leads me to the question “has the new updated iso from 3 days ago already had the fix put in place or should I have done something once installed?”

Thanks


(Andrew Nagy) #83

Yes it already has the fix in place. Did you do a backup and restore and restore the web directory?


#84

I am late to this party…

When I run the phar I get the following PARTIAL output…

Now Verifying all FreePBX Framework Files
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 111
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 111
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 130
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 140
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 120
*** Mismatch on /usr/local/sbin/amportal ****
/usr/local/sbin/amportal has been modified!
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151
PHP Notice:  Undefined variable: output in phar:///root/fpbxseccheck.phar/src/CheckFramework.class.php on line 151

it says it finished upgrading the framework and to re-run… and I get the same output.


(Lonniej) #85

login as: root
[email protected]’s password:


| | __ ___ | _ | __ ) / /
| |
| '
/ _ / _ \ |
) | _ \ /
| || | | __/ __/ __/| |) /
|
| |
| _|_|| |__//_\

Interface eth0 IP: 162.217.84.152

Please note most tasks should be handled through the FreePBX UI.
You can access the FreePBX GUI by typing one of the above IP’s in to your web browser.
For support please visit http://www.freepbx.org/support-and-professional-services

[[email protected] ~]# wget --no-check-certificate https://github.com/Schmoozecom/fpbxcheck/raw/master/fpbxseccheck.phar
–2014-10-27 19:55:11-- https://github.com/Schmoozecom/fpbxcheck/raw/master/fpbxseccheck.phar
Resolving github.com… 192.30.252.131
Connecting to github.com|192.30.252.131|:443… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://raw.githubusercontent.com/Schmoozecom/fpbxcheck/master/fpbxseccheck.phar [following]
–2014-10-27 19:55:12-- https://raw.githubusercontent.com/Schmoozecom/fpbxcheck/master/fpbxseccheck.phar
Resolving raw.githubusercontent.com… 23.235.40.133
Connecting to raw.githubusercontent.com|23.235.40.133|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 386829 (378K) [application/octet-stream]
Saving to: “fpbxseccheck.phar”

100%[======================================>] 386,829 --.-K/s in 0.04s

2014-10-27 19:55:12 (9.24 MB/s) - “fpbxseccheck.phar” saved [386829/386829]

[[email protected] ~]# chmod +x fpbxseccheck.phar
[[email protected] ~]# ./fpbxseccheck.phar --clean --redownload
Starting integrity check…
Clean defined, Will attempt to clean anything thing bad up
Redownload defined, will attempt to redownload where needed
Checking Framework for a valid signature…
Framework appears to be good
*** Exploit ‘mgknight’ Detected ***
mgknight user detected!
Deleting ‘mgknight’ user.
Cleaning up exploit 'mgknight’
Removing invalid bootstrap file
No Admin Users detected. Adding one now.
Purging PHP Session storage
Done
Moving potentially compromised file /etc/asterisk/manager_custom.conf to /tmp/freepbx_quarantine/manager_custom.conf
Moving potentially compromised file /etc/asterisk/sip_custom.conf to /tmp/freepbx_quarantine/sip_custom.conf
Moving potentially compromised file /etc/asterisk/extensions_custom.conf to /tmp/freepbx_quarantine/extensions_custom.conf
Moving potentially compromised file /var/www/html/admin/libraries/pest/index.php to /tmp/freepbx_quarantine/admin_libraries_pest_index.php
Cleaned potential ‘mgknight’ exploit. Please check your system for any suspicious activity. This script might not have removed it all!
Checking FreePBX ARI Framework
FreePBX ARI Framework detected as installed, attempting to update
Downloading 249070 of 249070 (100%)

Untaring…Done
Module fw_ari successfully downloaded
installing files to /var/www/html/recordings…done
installing files to /var/www/html/recordings…done
fw_ari file install done, removing packages from module
files removed successfully
Module fw_ari successfully installed

SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Finished with FreePBX ARI Framework
Now Verifying all FreePBX Framework Files
*** Mismatch on /var/www/html/admin/config.php ****
/var/www/html/admin/config.php has been modified!
*** Mismatch on /var/www/html/admin/libraries/view.functions.php ****
/var/www/html/admin/libraries/view.functions.php has been modified!
*** File (/usr/sbin/amportal) is missing! ****
/usr/sbin/amportal has been modified!
Framework file(s) have been modified, re-downloading
Downloading Framework
Downloading 3419164 of 3419164 (100%)

Untaring…Done
Module framework successfully downloaded
installing files to /var/www/html…done
installing files to /var/lib/asterisk/bin…done
installing files to /var/lib/asterisk/agi-bin…done
Checking for upgrades…No further upgrades necessary
framework file install done, removing packages from module
file/directory: /var/www/html/admin/modules/framework/amp_conf removed successfully
file/directory: /var/www/html/admin/modules/framework/upgrades removed successfully
file/directory: /var/www/html/admin/modules/framework/libfreepbx.install.php removed successfully
Module framework successfully installed

SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Download complete
Finished upgrading Framework! Please re-run the check.
[[email protected] ~]# amportal a ma upgradeall

Fetching FreePBX settings with gen_amp_conf.php…

no repos specified, using: [standard] from last GUI settings

Upgrading: endpoint, cidlookup, freepbx_ha, userman, restapps, core, restapi, cxpanel
Upgrading endpoint…
Downloading 1245359 of 1245359 (100%)
Downloading 1245359 of 1245359 (100%)

Untaring…Done
Module endpoint successfully downloaded
The following error(s) occured:

i still dont see what the new user name and pass is and the mgknight was detected this is first time i ran phar on this machine am i missing something tm 1000