FreePBX / PBX in a Flash
From VoIP.ms Wiki
Diff between two checked revisions, both by 90210chris; the later edit changed the "Known Issues And Recommendations" section. The full text of the resulting revision follows.
Revision as of 15:42, 24 October 2014
FreePBX / PBX in a Flash (SIP)
Fill in the blanks with your information; please note that the images above are only examples.

canreinvite=nonat
nat=yes
context=from-trunk
host=atlanta.voip.ms        ; one of our multiple servers; choose the one closest to your location
secret=*****                ; password associated with the Main or Sub-account
type=peer
username=100000             ; replace with your 6 digit Main SIP Account User ID or Sub Account username, e.g. 123456 or 123456_sub
disallow=all
allow=ulaw
;allow=g729                 ; uncomment if you purchased g.729 from Digium
fromuser=100000             ; replace with your 6 digit Main SIP Account User ID or Sub Account username, e.g. 123456 or 123456_sub
trustrpid=yes
sendrpid=yes
insecure=invite
qualify=yes

Register String: youraccountnumber:password@atlanta.voip.ms:5060 (e.g. 123456:password@atlanta.voip.ms:5060)
Known Issues And Recommendations
Known Issues:
We are aware of an important and critical exploit affecting all FreePBX versions prior to 12. This Zero-Day Remote Code Execution and Privilege Escalation exploit allows users to bypass authentication and gain ‘Full Administrator’ access to the FreePBX server when the ‘FreePBX ARI Framework module/Asterisk Recording Interface (ARI)’ is present on the system. This vulnerability may give any unauthorized user full remote code execution as the user running the Apache process. The exploit is also present for users who have updated to version 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.
Recommendations:
We strongly recommend updating any version 2.8 or earlier to version 2.9 or higher through the Module Admin, in order to remove the vulnerability; the latest version is the most recommended. Any customer currently using version 2.11 or earlier must update the FreePBX ARI Framework to version 2.11.1.5 immediately!

Users of FreePBX version 12 should disable and uninstall the FreePBX ARI Framework module and switch to the new Control Panel (not to be confused with the ‘User Control Panel’ tab). This can be done via a System Shell. Due to differences between machines, the web root can be at:

/var/www/admin

or

/var/www/html/admin

If you are not sure about the location of your AMPWEBROOT, it is visible in the Advanced Settings page as ‘FreePBX Web Root Dir’. Once there, run this command, replacing ‘AMPWEBROOT’ with that system setting:

rm -rf AMPWEBROOT/admin/modules/admindashboard

Next, run:

amportal a ma delete admindashboard

This will remove all traces of it from FreePBX. Once you have run it, you’ll see an error output saying: Uninstallation scripts failed to run. Please note this is expected; it means the module has been removed successfully.

You must remove any reference to these files: c2.pl and/or c.sh (System admin dashboard, also called ‘admindashboard’). Those references can be found by running:

updatedb
locate c2.pl
locate c.sh

Once you find them, remove all references to any of those files.

It is also very important to verify there are no additional unknown ‘Administrator’ users in the ‘Administrators’ page, since unauthorized users may have created such unwanted ‘Administrator’ users as part of a scripted attack.
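The removal and verification steps above can be re-checked from the same System Shell with a short script. The following is an added example, not VoIP.ms or FreePBX code. It assumes a POSIX shell; that /etc/amportal.conf carries an AMPWEBROOT= line (FreePBX 2.x stores it there; if yours does not, pass the web root as an argument); and, for the administrator check, that you supply the usernames shown on the ‘Administrators’ page yourself. The script name check_ari_cleanup.sh, the function names, the extra directories searched and the ampusers query in the comment are assumptions made for this example; the allowlist comparison of administrator names goes one step beyond the page, which asks you to inspect that list by hand.

```shell
#!/bin/sh
# Added example (not VoIP.ms / FreePBX code): verify the admindashboard clean-up
# described on this page. Usage:  sh check_ari_cleanup.sh --run [AMPWEBROOT]

# Resolve AMPWEBROOT: an explicit argument wins; otherwise read /etc/amportal.conf
# (assumed to hold an AMPWEBROOT= line, as FreePBX 2.x does); finally fall back
# to the two locations named on the wiki page.
resolve_webroot() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    if [ -r /etc/amportal.conf ]; then
        conf_root=$(sed -n 's/^AMPWEBROOT=//p' /etc/amportal.conf | head -n 1)
        if [ -n "$conf_root" ]; then
            printf '%s\n' "$conf_root"
            return 0
        fi
    fi
    for candidate in /var/www/html /var/www; do
        if [ -d "$candidate/admin" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Returns 0 when AMPWEBROOT/admin/modules/admindashboard is gone, 1 when it still exists.
admindashboard_removed() {
    if [ -e "$1/admin/modules/admindashboard" ]; then
        echo "STILL PRESENT: $1/admin/modules/admindashboard"
        return 1
    fi
    return 0
}

# Print every c2.pl / c.sh below the given directories, one path per line.
# find is used instead of updatedb/locate so the result reflects the disk right
# now rather than the last database refresh; the page's locate run covers the
# whole filesystem and remains the fuller check.
find_dropper_files() {
    find "$@" -type f \( -name c2.pl -o -name c.sh \) 2>/dev/null
}

# Returns 0 when no c2.pl / c.sh exists below the given directories, 1 otherwise.
no_dropper_files() {
    hits=$(find_dropper_files "$@" || true)
    if [ -n "$hits" ]; then
        printf 'FOUND:\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# Compare the administrator usernames actually present ($2, whitespace separated)
# with the ones you created yourself ($1). Prints each unexpected name and
# returns 1 if there is at least one. Example call (assumed location of the
# FreePBX admin users: table ampusers in the asterisk database):
#   unknown_admins "admin" "$(mysql -N -e 'SELECT username FROM ampusers' asterisk)"
unknown_admins() {
    rc=0
    for u in $2; do
        case " $1 " in
            *" $u "*) ;;
            *) echo "UNKNOWN ADMIN: $u"; rc=1 ;;
        esac
    done
    return $rc
}

main() {
    webroot=$(resolve_webroot "$1") || { echo "cannot determine AMPWEBROOT; pass it as an argument"; return 2; }
    echo "checking AMPWEBROOT=$webroot"
    status=0
    admindashboard_removed "$webroot" || status=1
    # Assumed extra locations worth a look besides the web root.
    no_dropper_files "$webroot" /tmp /var/tmp /etc/cron.d || status=1
    if [ "$status" -eq 0 ]; then
        echo "no leftovers found"
    else
        echo "ACTION NEEDED: see findings above"
    fi
    return $status
}

case "${1:-}" in
    --run) shift; main "$@" ;;
esac
```

A non-zero exit from main means something on the page's checklist is still present; the printed paths and usernames tell you what to remove or review next.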
You can update your FreePBX Distro with the scripts 5.211.65-19 and 6.12.65-18. You can also check the FreePBX wiki page on how to keep your FreePBX updated: http://wiki.freepbx.org/display/FD/Updating+FreePBX+Official+Distro

As a good practice, don’t expose your system to the public internet if possible.

Visit the FreePBX page periodically to be aware of any critical update to your system: http://www.freepbx.org/news

Additionally, VoIP.ms always recommends securing your account using the restrictions we offer on the Customer Portal / Main Menu / Account Settings / Account Restrictions. There you’ll be able to restrict the countries that may be dialed, the maximum duration of an international call, the maximum rate per minute, and other settings. If you believe your system has been compromised, change the password of the involved sub accounts and disable international destinations on sub accounts that won’t generate international traffic.
