ALERT WebMin Backdoor Discovered

ostridge

Guru
Joined
Jan 22, 2015
Messages
1,618
Reaction score
517
Thanks logged into Webmin and updating now to webmin_1.930
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.
 
Last edited:

l4cky

Member
Joined
Jan 27, 2015
Messages
175
Reaction score
4
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.

does updating webmin and webmin update packages affect the already installed incredible pbx 13 conf/incredible fax/hylafax or delete or modify the contents?
 

l4cky

Member
Joined
Jan 27, 2015
Messages
175
Reaction score
4
It just does what it says on the tin - so update webmin

I mean im not sure if incrediblepbx also use those packages to be update, a while already installed, an update will modify the configuration of incrediblepbx/fax

oh maybe i was just confused as Software Package Updates has nothing to do with webmin version?
 
Last edited:

kenn10

Well-Known Member
Joined
Dec 16, 2007
Messages
3,764
Reaction score
2,173
Webmin is updated from the webmin page. It has no affect on IncrediblePBX as to operations. You can upgrade without fear.

Log into webmin and it tells you there are updates available.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Unfortunately on my install, I get the error:

Failed to upgrade from www.webmin.com : The Net::SSLeay Perl module needed to make HTTPS connections is not installed on your system

My system is:

PIAF Installed Version = 2.0.6.5 under *HARDWARE* │
│ FreePBX Version = 2.11.0.38 │
│ Running Asterisk Version = 11.10.0 │
│ Asterisk Source Version = 11.10.0 │
│ Dahdi Source Version = 2.9.0 │
│ Libpri Source Version = 1.4.14 │
│ IP Address = 192.168.40.29 on eth0 │
│ Operating System = CentOS release 6.5 (Final) │
│ Kernel Version = 2.6.32-431.1.2.0.1.el6.x86_64 - 64 Bit │
│ Incredible Version = 11.10

Anything I can/should do?
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Um, maybe not.

Code:
root@pbx:~ $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http or file.
Eg. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><meta http-equiv="refresh" content="0;url=https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http://www.pbxinaflash.org/piafrepo/piaf64/x86_64/mirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us"/><script type="text/javascript">url="https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http%3A%2F%2Fwww.pbxinaflash.org%2Fpiafrepo%2Fpiaf64%2Fx86_64%2Fmirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us";if(top.location!=location){var w=window,d=document,e=d.documentElement,b=d.body,x=w.innerWidth||e.clientWidth||b.clientWidth,y=w.innerHeight||e.clientHeight||b.clientHeight;url+="&w="+x+"&h="+y;}window.location.replace(url);</script></head><body></body></html>/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/piaf64/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: piaf64
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.

Help?

Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
There is no longer a PIAF 3 repository so remove it from /etc/yum.repos.d
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
After removing the piaf64.repo from the yum.repos.d directory and re-running, I get:

Code:
root@pbx:/etc/yum.repos.d $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
 * base: ewr.edge.kernel.org
 * extras: ewr.edge.kernel.org
 * updates: ewr.edge.kernel.org
base                                                                                                                                                    | 3.7 kB     00:00
extras                                                                                                                                                  | 3.4 kB     00:00
extras/primary_db                                                                                                                                       |  29 kB     00:00
schmooze-commercial                                                                                                                                     | 2.9 kB     00:00
schmooze-commercial/primary_db                                                                                                                          | 111 kB     00:00
updates                                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                                      | 5.7 MB     00:01
Setting up Install Process
No package perl-Net-SSLeasy available.
Error: Nothing to do

Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
You need to get off the PIAF3 platform. It's way past EOL, and there's no real way to reinstall it, support it, or keep it secure.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Ward,

I'm running the machine on an old Intel machine in the basement with a hardware Dahdi board (i'll need to rollback dahdi to support it).

Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?

Thanks for the input.

Andrew
 

kenn10

Well-Known Member
Joined
Dec 16, 2007
Messages
3,764
Reaction score
2,173
Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?

Andrew,

You might as well go with the IncrebilePBX 16-15. It is quite stable at this point. Support on the older versions ends pretty quickly once a newer stable version is released.
 

krzykat

Telecom Strategist
Joined
Aug 2, 2008
Messages
3,145
Reaction score
1,235
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.

But I have little hair left :conehead:
 

Members online

No members online now.

Forum statistics

Threads
25,778
Messages
167,504
Members
19,199
Latest member
leocipriano
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top