Yeah, I did that too.
There are several places where information is protected by names and passwords. The security of your system is up to you. If your system is open to the Internet and your security is set too low, someone could use your system to make long distance calls at your expense.
Be aware that there is a major security hole in FreePBX. Using FreePBX admin security alone will not protect your system from a web attack and may compromise root access to your entire server. For this reason, we recommend that you log in as root and immediately run passwd-master. This establishes Apache .htaccess security on your FreePBX web interface. After running this conversion utility, you can only log into the FreePBX admin interface with the username maint and the password which you establish when you run the utility.
Here’s my advice. Log into the root and to change the main passwords, run passwd-master from the command line.
This does the following
- Changes FreePBX to authtype = none in amportal.conf,
- Sets up .htaccess on the admin directory which contains FreePBX
- Sets the wwwadmin, and MeetMe passwords to the same one as maint.
After running the command, to access all areas including FreePBX, the username is maint with the password of whatever you set during the passwd-master script. Maint gets you to admin (FreePBX) maint, FOP, MeetMe.
Other passwords can be set in your system, similarly, see below.
PASSWORD - LINUX
If you plug a monitor and keyboard into the PBX and power it up, at the “login as” prompt, the username is root. The default password is 123456. To reset the root password, use the command line passwd.
PASSWORD - THE PBX IN A FLASH BROWSER
When you put the IP Address of the PBX in your browser it brings up the PBX in a Flash Dynamic UI: Menus - users menu with three icons: Voicemail & Recordings, Flash Operator Panel, and MeetMe Conference. The default password is passw0rd.
PASSWORD - VOICEMAIL AND RECORDING
When you click on it, it says: “Use your Voicemail Mailbox and Password…” This is the same password used for the phone.
If you want to access your voicemail through the web client FreePBX, your extension must have voicemail enabled and a password entered. Your username is your extension ID (ex. 1001) and your initial password is the voicemail password configured in the extension. Unless you need more security on your voice mail, configure these passwords to be the same as the two extensions that are setup.
Click on the Main Menu icon in the upper right to get back to the PBX in a Flash - Dynamic UI: Menus - users menu.
PASSWORD - Flash Operator Panel
It is recommended to change the FOP password to something easy and simple to remember. The simple method is by logging in to your asterisk box either remotely using putty or directly on your box console.
In this example, Putty is used to log in remotely to PIAF. Once logged in, change the directory to /var/www/html/panel
Using nano as the editor, open the configuration file op_server.cfg
Go to the line that says security code=passw0rd
(In FOP that comes with PIAF, the default password is “passw0rd”)
Replace the “passw0rd” with the password of your choice.
Close off nano and putty. Open your web browser and go to FOP. You should be able to click on the little lock, put in your password and you will see it lock up.
From the Main Menu, you can click on the Flash Operator Panel icon. When you are in the PiaF Flash Operator Panel there is a lock icon: Open Security Code Input Box. When you click on it, it says “Please enter the Security Code”. The default password is passw0rd. All this does is let you click on the down arrow next to the extension and bring up a box that shows Call and Queue.
passwd-wwwadmin… for users needing FOP and MeetMe access
PASSWORD – MeetMe Conference
MeetMe Conference - Web MeetMe Control comes up without a password.
passwd-meetme… for users needing only MeetMe access.
PASSWORD - FREEPBX – RECORDINGS
When you click on Recordings… It brings up a Login screen asking for Login and password. It says: Use your Voicemail Mailbox and Password. This is the same password used for the phone, for example extension 204 has the password set to 204.
Admin Function Passwords
In the lower left of the Main Menu there is an Admin toggle. Click on it and it changes to Users and brings up a password. The default is 123456. If you have already logged in, it goes directly to the Dynamic UI: Menus - admin menu with six icons: the three from users (Voicemail & Recordings, Flash Operator Panel, and MeetMe Conference) and FreePBX Administration, Linux Webmin, and Menu Configuration. From there you can click on FreePBX Administration. It will bring up the login to the server. The User name is wwwadmin and the default password is passw0rd.
From there if you click on Administrators. Username: admin Password: admin
PASSWORD - LINUX ADMIN FROM FREEPBX BROWSER
Any Linux Admin uses the same password, whether you log into PBX in a Flash and then click on Linux Admin or if you login using SSH and PuTTY. The username is root. The default password is 123456.
login as: root
[email protected]’s password: 123456
PASSWORD - SQL
The Default user = asteriskuser and password = amp109. If you do not change it, the FreePBX System Status will warn you: “Default SQL Password Used”.
PASSWORD – ASTERISK
This is also the password for Sys Info.
AMPMGRUSER: the user to access the Asterisk manager interface
AMPMGRPASS: the password for AMPMGRUSER
The Default username is freepbx and the default password is fpbx. If you do not change it, the FreePBX System Status will warn you: “Default Asterisk Manager Password Used”.
PASSWORD - TOOLS - CONFIG EDIT
The default username is maint and password is 123456.
passwd-maint… This command sets FreePBX maint password. It covers Config Edit, phpMyAdmin, and Sys Info and everything covered by .htacess in /var/www/html/maint.
PASSWORD – TOOLS – SYS INF
See PASSWORD ASTERISK
PASSWORD – WEBMIN
Use the command line passwd-webmin for users needing Webmin access to your server.