Empty GUI (after Hack)

Hello gurus!

I’m a bit lost with my situation right now, but my GUI is like that atm:

2 days ago our server was hacked and I can’t reach my GUI anymore.

How can I troubleshoot anything the hacker left behind him?
And any idea for my GUI? Yesterday the GUI was working perfectly.

If you visit e.g.
http://mypbx.mydomain.com/admin/config.php?display=cdr
(using https and/or port number if appropriate) do you see a blank page? Does the URL in the address bar change?

Cloud or on site? If on site, physical or virtual? If cloud or virtual, it should be easy to take a snapshot, restore from a backup and analyze the snapshot at your leisure.

FreePBX version? Distro or manually installed? SSH access ok? If not, do you have console access? Is Asterisk running? Processing calls?


I get the GUI with this URL, ty.

But now I got a security alert that tells me: the index.php missing /var/www/html

Try reinstalling framework

fwconsole ma downloadinstall framework --force
fwconsole reload

Btw, my extension_custom.conf has been modified in spite of the fact that I changed all my passwords. Is it possible that I have a backdoor?

Wait a second.

Your hacked box might still have the attacker in it?
Is your PBX exposed to the internet?

I think everyone will agree here, destroy this machine, create a new one and import a good backup.

