I’ve been hacked!!!
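How was this guy able to bypass the password authentication? In the log below, the first request logged with a user name (maint, at 17:14:37) comes right after an unauthenticated GET of /admin/modules/framework/bin/gen_amp_conf.php returned 200.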
cat /etc/asterisk/freepbxdistro-version
1.8.2.0-2
Apache log:
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:08 -0600] “GET / HTTP/1.0” 200 2559
"http://localhost/index.php?file=b69.100x.txt&find=pbx" “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/box-left.jpg HTTP/1.0” 200 2576
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/operator-panel.png HTTP/1.0” 200 11055
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/header-bg-right.jpg HTTP/1.0” 200 19400
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/sys-admin.png HTTP/1.0” 200 14271
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/header-bg-left.jpg HTTP/1.0” 200 26105
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:09 -0600] “GET /admin/images/user-control.png HTTP/1.0” 200 13361
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:10 -0600] “GET /admin/images/support.png HTTP/1.0” 200 9550
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:10 -0600] “GET /admin/images/box-right.jpg HTTP/1.0” 200 2554
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:10 -0600] “GET /admin/images/header-tile.jpg HTTP/1.0” 200 452
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:10 -0600] “GET /admin/images/header-bg-tile.jpg HTTP/1.0” 200 396
"http://xx.xx.xx.xx/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:11:11 -0600] “GET /admin/images/box-tile.jpg HTTP/1.0” 200 365
"http://xx.xx.xx.xx/” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/common/script.js.php?load_version=2.9.0.7 HTTP/1.0” 200
1111 “http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/assets/js/jquery.cookie.js HTTP/1.0” 200 4247
"http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/common/mainstyle.css?load_version=2.9.0.7 HTTP/1.0” 200
15911 “http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/assets/js/script.legacy.js HTTP/1.0” 200 19594
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:21 -0600] “GET /admin/assets/js/jquery.dimensions.js HTTP/1.0” 200 20547
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:21 -0600] “GET /admin/assets/js/jquery.toggleval.3.0.js HTTP/1.0” 200 3496
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/assets/js/jquery-1.4.x.min.js HTTP/1.0” 200 78696
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:22 -0600] “GET /admin/assets/js/interface.dim.js HTTP/1.0” 200 3761
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:22 -0600] “GET /admin/assets/js/tabber-minimized.js HTTP/1.0” 200 4904
"http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:22 -0600] "GET /admin/images/freepbx_large.png?load_version=2.9.0.7 HTTP/1.0"
200 7590 “http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:20 -0600] “GET /admin/assets/js/jquery-ui-1.8.x.min.js HTTP/1.0” 200 198688
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:23 -0600] “GET /admin/images/logo.png?load_version=2.9.0.7 HTTP/1.0” 200 5699
"http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:23 -0600] “GET /admin/images/favicon.ico HTTP/1.0” 200 318 “-” “Mozilla/5.0
(Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:27 -0600] “GET /admin/images/header-back.png HTTP/1.0” 200 339
"http://xx.xx.xx.xx/admin/common/mainstyle.css?load_version=2.9.0.7” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101
Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:27 -0600] “GET /admin/images/tab.png HTTP/1.0” 200 1431
"http://xx.xx.xx.xx/admin/common/mainstyle.css?load_version=2.9.0.7” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101
Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:12:27 -0600] “GET /admin/images/tab-first-current.png HTTP/1.0” 200 2639
"http://xx.xx.xx.xx/admin/common/mainstyle.css?load_version=2.9.0.7” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101
Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /admin/modules/ HTTP/1.0” 200 15000 “-” “Mozilla/5.0 (Windows NT
6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /icons/back.gif HTTP/1.0” 200 216
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /icons/blank.gif HTTP/1.0” 200 148
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /icons/bomb.gif HTTP/1.0” 200 308
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /icons/folder.gif HTTP/1.0” 200 225
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:06 -0600] “GET /icons/script.gif HTTP/1.0” 200 242
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:14 -0600] “GET /admin/modules/framework/ HTTP/1.0” 200 2558
"http://xx.xx.xx.xx/admin/modules/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:15 -0600] “GET /icons/text.gif HTTP/1.0” 200 229
"http://xx.xx.xx.xx/admin/modules/framework/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:17 -0600] “GET /admin/modules/framework/bin/ HTTP/1.0” 200 2939
"http://xx.xx.xx.xx/admin/modules/framework/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:18 -0600] “GET /icons/unknown.gif HTTP/1.0” 200 245
"http://xx.xx.xx.xx/admin/modules/framework/bin/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:13:19 -0600] “GET /admin/modules/framework/bin/gen_amp_conf.php HTTP/1.0” 200 6539
"http://xx.xx.xx.xx/admin/modules/framework/bin/” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - maint [12/Feb/2012:17:14:37 -0600] “GET /admin/config.php HTTP/1.0” 200 27455 “-” “Mozilla/5.0
(Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - maint [12/Feb/2012:17:14:39 -0600] “GET
/admin/config.php?handler=file&module=dashboard&file=dashboard.css&load_version=2.9.0.4 HTTP/1.0” 200 2463
"http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:39 -0600] “GET /admin/common/mstyle_autogen_1314232943.css?load_version=2.9.0.7
HTTP/1.0” 200 11603 “http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:40 -0600] “GET /admin/images/notify_update.png HTTP/1.0” 200 619
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:40 -0600] “GET /admin/images/notify_delete.png HTTP/1.0” 200 715
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:40 -0600] “GET /admin/images/notify_warning.png HTTP/1.0” 200 789
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:40 -0600] “GET /admin/images/cancel.png HTTP/1.0” 200 815
"http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:40 -0600] “GET /admin/images/notify_notice.png HTTP/1.0” 200 778
"http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:39 -0600] “GET /admin/common/libfreepbx.javascripts.js?load_version=2.9.0.7
HTTP/1.0” 200 302944 “http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101
Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:41 -0600] "GET /admin/images/freepbx_small.png?load_version=2.9.0.7 HTTP/1.0"
200 4844 “http://xx.xx.xx.xx/admin/config.php” "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
httpd/access_log:83.244.52.186 - - [12/Feb/2012:17:14:42 -0600] “GET /admin/images/shadow-side-background.png?load_version=2.9.0.7
HTTP/1.0” 200 198 “http://xx.xx.xx.xx/admin/config.php” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1”