Empty GUI (after Hack)

hello gurus !

I’m a bit lost with my situation right now but my gui is like that atm :

2 days ago our server has been hacked and i can’t reach my gui anymore.

How can i troubleshoot anything the hacker left behind him ?
And any idea for my gui ? Yesterday the gui was working perfectly

If you visit e.g.
(using https and/or port number if appropriate) do you see a blank page? Does the URL in the address bar change?

Cloud or on site? If on site, physical or virtual? If cloud or virtual, it should be easy to take a snapshot, restore from a backup and analyze the snapshot at your leisure.

FreePBX version? Distro or manually installed? SSH access ok? If not, do you have console access? Is Asterisk running? Processing calls?

1 Like

I get the gui with this url ty.

But now i got an security alerte that tell me : the index.php missing /var/www/html

Try reinstalling framework

fwconsole ma downloadinstall framework --force
fwconsole reload

Btw, my extension_custom.conf has been modified in spit i changed all my passwords. is it possible that i have a backdoor?

Wait a second.

Your hacked box might still have the attacker in it?
Is your PBX exposed to the internet?

I think everyone will agree here, destroy this machine, create a new one and import a good backup.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.