New WebMeeting Version: Bug Fixes, and FreePBX Web MeetMe Support Module
FreePBX conference rooms are undoubtedly one of the coolest and most often requested functions of a PBX. But the Conferences created in FreePBX can be a security concern.
Once a conference is created, its available all the time, with the same PIN’s, until its deleted by a PBX administrator. From a security standpoint, this may be ok for conference rooms that are ONLY available to inside extensions, but it could spell disaster and abuse for conference rooms that can be reached via DID or IVR from the outside world. In these cases, a previous conference attendee would gain exposure to the user PIN, and could call back and use the conference room without authorization.
Web MeetMe to the Rescue
Web MeetMe is a big step forward – conferences created in Web MeetMe expire. They are valid only during the periods for which they were configured to be available. Outside those valid times/dates, the conferences won’t work, with or without PIN.
By scheduling conferences that expire, Web MeetMe encourages the important security practice of deploying new PINS (and even conference ID’s) for each conference that is created.
Why a new version now?
Fixes for the base code of Web MeetMe designed to correct possible sql injection attack concerns have recently become available in the SVN, and should be applied to any production system running Web MeetMe. This new install script provides the newest codebase, as well as several additional important fixes that correct several nagging problems with the user interface and several functions of the Web MeetMe user interface.
Also, the current version of Web MeetMe for PBXIAF requires the administrator to manually create and manage the Special Destination in FreePBX. This can be cumbersome, and introduce inadvertent configuration errors. This new version includes a “Companion Module” for FreePBX that turns the Web MeetMe program into a full blown FreePBX Module and Feature, which allows you to manage the feature code, and even enable or disable the Web MeetMe function, right from the FreePBX Feature Control page.
The good news is that for a first time install (no previous Web MeetMe version installed) , it’s as simple as:
This program and process were developed expressly for, and have been tested only with PBX In A Flash, Fonica PABX, and Foncordiax distributions. On other distros, your mileage may vary.
If you have installed the standard PBXIAF WebMeetMe script as it exists today – that version must be removed to assure a straight forward install of this new upgraded version. If you don’t do this Web MeetMe will be crushed – and will not work any more. Removal is simple, and should take less than 5 minutes.
Removal of previous Web MeetMe
1. From your PBXIAF, remove the entire folder:
/var/www/html/web-meetme
2. From inside /root/, delete all scripts with the characters “meetme3” in them. (install-meetme3.x, or if your trying to run this script again, also remove piaf-wmm.sh)
3. Using the FreePBX Config Editor, from inside extensions_custom.conf, remove the following contexts in their entirety:
[mm-announce], [mm-end], and [custom-meetme3]
4. Remove (or don’t) any FreePBX Custom Destinations you have created to use the Previous install of Web MeetMe. The custom destination code (custom-meetme3,s,1) is the same for both versions of Web Meetme, so you’ll very likely still need these – and would just end up creating them again) Either way, the new install will create a Custom Destination for use with Web MeetMe – which you may use or ignore.
5. Remove any FreePBX Misc Applications you have created to use the previous install of Web MeetMe. This step is important – the new version creates its own Feature Code to replace the Miscellaneous Application. Because we have created a module for Web MeetMe, you will now have a feature code to dial – which can be configured from the FreePBX feature code page.
6. Remove the KennonSoft menu Web-MeetMe Icon.
From inside /Var/html/welcome/.htindex.cfg, locate and delete the line that looks something like this:
1,meetme,./web-meetme,Web MeetMe3,ico_meetme.png
Don’t forget to save your changes!
7. Remove Previous Web Security Settings
The previous versions of Web MeetMe create entries in the web security control file, as does this new script. In order to prevent unnecessary build up in the file, the previous installs entries should be removed.
In /etc/pbx/httpdconf/pbx.conf, locate and remove the block that looks like this:
#Password protect /var/www/html/web-meetme
<Directory /var/www/html/web-meetme>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint meetme
</Directory>
Don’t forget to save your changes.
8. Optional: Remove Web MeetMe database.
If you don’t want to keep any of your current Web MeetMe configurations or meeting schedule data (you want a “clean” install), you may use phpMyAdmin to drop the meetme database from the system. From inside phpMyAdmin, select the webmeetme database. Then, in the upper right hand corner, click DROP. Be careful, if you’ve selected the wrong database – there is no recovery.
The database has not changed between the versions of Web Meetme – if you leave your existing Database, it will be adopted and used just fine by the new install.
Now your ready to perform the new installation.
See New Web MeetMe System - Part 2
FreePBX conference rooms are undoubtedly one of the coolest and most often requested functions of a PBX. But the Conferences created in FreePBX can be a security concern.
Once a conference is created, its available all the time, with the same PIN’s, until its deleted by a PBX administrator. From a security standpoint, this may be ok for conference rooms that are ONLY available to inside extensions, but it could spell disaster and abuse for conference rooms that can be reached via DID or IVR from the outside world. In these cases, a previous conference attendee would gain exposure to the user PIN, and could call back and use the conference room without authorization.
Web MeetMe to the Rescue
Web MeetMe is a big step forward – conferences created in Web MeetMe expire. They are valid only during the periods for which they were configured to be available. Outside those valid times/dates, the conferences won’t work, with or without PIN.
By scheduling conferences that expire, Web MeetMe encourages the important security practice of deploying new PINS (and even conference ID’s) for each conference that is created.
Why a new version now?
Fixes for the base code of Web MeetMe designed to correct possible sql injection attack concerns have recently become available in the SVN, and should be applied to any production system running Web MeetMe. This new install script provides the newest codebase, as well as several additional important fixes that correct several nagging problems with the user interface and several functions of the Web MeetMe user interface.
Also, the current version of Web MeetMe for PBXIAF requires the administrator to manually create and manage the Special Destination in FreePBX. This can be cumbersome, and introduce inadvertent configuration errors. This new version includes a “Companion Module” for FreePBX that turns the Web MeetMe program into a full blown FreePBX Module and Feature, which allows you to manage the feature code, and even enable or disable the Web MeetMe function, right from the FreePBX Feature Control page.
The good news is that for a first time install (no previous Web MeetMe version installed) , it’s as simple as:
- Run the installation script
- Install the module
- Start using WebMeetMe.
This program and process were developed expressly for, and have been tested only with PBX In A Flash, Fonica PABX, and Foncordiax distributions. On other distros, your mileage may vary.
If you have installed the standard PBXIAF WebMeetMe script as it exists today – that version must be removed to assure a straight forward install of this new upgraded version. If you don’t do this Web MeetMe will be crushed – and will not work any more. Removal is simple, and should take less than 5 minutes.
Removal of previous Web MeetMe
1. From your PBXIAF, remove the entire folder:
/var/www/html/web-meetme
2. From inside /root/, delete all scripts with the characters “meetme3” in them. (install-meetme3.x, or if your trying to run this script again, also remove piaf-wmm.sh)
3. Using the FreePBX Config Editor, from inside extensions_custom.conf, remove the following contexts in their entirety:
[mm-announce], [mm-end], and [custom-meetme3]
4. Remove (or don’t) any FreePBX Custom Destinations you have created to use the Previous install of Web MeetMe. The custom destination code (custom-meetme3,s,1) is the same for both versions of Web Meetme, so you’ll very likely still need these – and would just end up creating them again) Either way, the new install will create a Custom Destination for use with Web MeetMe – which you may use or ignore.
5. Remove any FreePBX Misc Applications you have created to use the previous install of Web MeetMe. This step is important – the new version creates its own Feature Code to replace the Miscellaneous Application. Because we have created a module for Web MeetMe, you will now have a feature code to dial – which can be configured from the FreePBX feature code page.
6. Remove the KennonSoft menu Web-MeetMe Icon.
From inside /Var/html/welcome/.htindex.cfg, locate and delete the line that looks something like this:
1,meetme,./web-meetme,Web MeetMe3,ico_meetme.png
Don’t forget to save your changes!
7. Remove Previous Web Security Settings
The previous versions of Web MeetMe create entries in the web security control file, as does this new script. In order to prevent unnecessary build up in the file, the previous installs entries should be removed.
In /etc/pbx/httpdconf/pbx.conf, locate and remove the block that looks like this:
#Password protect /var/www/html/web-meetme
<Directory /var/www/html/web-meetme>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint meetme
</Directory>
Don’t forget to save your changes.
8. Optional: Remove Web MeetMe database.
If you don’t want to keep any of your current Web MeetMe configurations or meeting schedule data (you want a “clean” install), you may use phpMyAdmin to drop the meetme database from the system. From inside phpMyAdmin, select the webmeetme database. Then, in the upper right hand corner, click DROP. Be careful, if you’ve selected the wrong database – there is no recovery.
The database has not changed between the versions of Web Meetme – if you leave your existing Database, it will be adopted and used just fine by the new install.
Now your ready to perform the new installation.
See New Web MeetMe System - Part 2