System hacked - Cannot delete the admin user they created

It appears that in my original problem system (I had two), the User Control Panel is gone. I get a /ucp is not found error. Anyone else have this problem?

You should be able to reinstall it with 'amportal a ma download ucp' and then 'amportal a ma install ucp'

Thanks Rob. But I got a file not found error.

More woes. Last night I finished upgrading all my systems. I checked each one to see if there was an errant extension and I was also able to log in normally. I upgraded all the modules. This morning one of the systems I did last night was infected. I proceeded to run the script and commands to remove the issue. At this point I get a blank page when I click on the link to log in.

Update. The login page is blank, no popup. When I do a "View page source" it is blank also. I have run the repair scripts several times.

/var/lib/asterisk/bin/module_admin -f update framework

All I get is the help info for the module_admin -f update framework

Thanks

Similar situation with my system. I have now lost access to the system. Building new system now.

The newer version of the script outputs the random password it generates.

#USERS SHOULD NEVER SET THEIR PASSWORD TO PASSWORD EVEN TEMPORARILY

Even without it, use the amportal a u method to gain access; do not edit the database directly.

You are right I will delete my post to avoid confusion.

I just fixed a FreePBX 3.211 system. Here's what I found…
The bootstrap.inc.php file appears to be part of the hack that continually replaces the bogus admin account (in my case the username was 'mgknight').
Removal caused web access to fail.
Replacing it with a blank file restored operation, and allowed deletion of the bogus admin. (The system seemed to be okay at this point.)

I was then able to update to the latest version.
Then, I further tweaked iptables to allow only SSH connections from my remote IP, and SIP only from my SIP provider.
So far, so good.

Deleting bootstrap.inc.php will cause the page to fail because the hacker also modified your config.php file to include bootstrap.inc.php. Removing that entry at the top of config.php will fix your problem.

If you haven't yet, you should run the security check from
http://wiki.freepbx.org/display/L1/FreePBX+Security+Scan

Is this a task one should run for prevention purposes or to solve security issues?
I keep my systems up to date…

I've run the check as directed. Getting some errors. Any suggestions?

Starting integrity check…
Clean defined, Will attempt to clean anything thing bad up
Redownload defined, will attempt to redownload where needed
Checking Framework for a valid signature…
Framework appears to be good
Cleaning up exploit 'mgknight'
Purging PHP Session storage
Done
Moving potentially compromised file /etc/asterisk/manager_custom.conf to /tmp/freepbx_quarantine/manager_custom.conf
Moving potentially compromised file /etc/asterisk/sip_custom.conf to /tmp/freepbx_quarantine/sip_custom.conf
Moving potentially compromised file /etc/asterisk/extensions_custom.conf to /tmp/freepbx_quarantine/extensions_custom.conf
Cleaned potential 'mgknight' exploit. Please check your system for any suspicious activity. This script might not have removed it all!
Checking FreePBX ARI Framework
FreePBX ARI Framework detected as installed, attempting to update
Downloading 249070 of 249070 (100%)

Untaring…Done
Module fw_ari successfully downloaded
installing files to /var/www/html/recordings…done
installing files to /var/www/html/recordings…done
fw_ari file install done, removing packages from module
files removed successfully
Module fw_ari successfully installed

SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Finished with FreePBX ARI Framework
Now Verifying all FreePBX Framework Files
*** File (/usr/sbin/amportal) is missing! ****
/usr/sbin/amportal has been modified!
Framework file(s) have been modified, re-downloading
Downloading Framework
Downloading 3419164 of 3419164 (100%)

Untaring…Done
Module framework successfully downloaded
installing files to /var/www/html…done
installing files to /var/lib/asterisk/bin…done
installing files to /var/lib/asterisk/agi-bin…done
Checking for upgrades…No further upgrades necessary
framework file install done, removing packages from module
file/directory: /var/www/html/admin/modules/framework/amp_conf removed successfully
file/directory: /var/www/html/admin/modules/framework/upgrades removed successfully
file/directory: /var/www/html/admin/modules/framework/libfreepbx.install.php removed successfully
Module framework successfully installed

SETTING FILE PERMISSIONS
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/isymphony
chattr: Operation not supported while reading flags on /var/www/html/wcb.php
Permissions OK
Download complete
Finished upgrading Framework! Please re-run the check.

Folks,
I ran the checks on a system a few times as directed, and it works, but for some reason the mgknight user is still coming up.

I just updated to the new framework "framework-2.11.0.41"; let's see how it goes.

But is there something else I'm missing to take this mgknight out of the system completely?