ALERT WebMin Backdoor Discovered

ostridge

Guru
Joined
Jan 22, 2015
Messages
383
Reaction score
70
Location
UK
Thanks logged into Webmin and updating now to webmin_1.930
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,136
Reaction score
2,627
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.
 
Last edited:

l4cky

Member
Joined
Jan 27, 2015
Messages
72
Reaction score
0
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.
does updating webmin and webmin update packages affect the already installed incredible pbx 13 conf/incredible fax/hylafax or delete or modify the contents?
 

l4cky

Member
Joined
Jan 27, 2015
Messages
72
Reaction score
0
It just does what it says on the tin - so update webmin
I mean im not sure if incrediblepbx also use those packages to be update, a while already installed, an update will modify the configuration of incrediblepbx/fax

oh maybe i was just confused as Software Package Updates has nothing to do with webmin version?
 
Last edited:

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
943
Reaction score
177
Webmin is updated from the webmin page. It has no affect on IncrediblePBX as to operations. You can upgrade without fear.

Log into webmin and it tells you there are updates available.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
539
Reaction score
77
Unfortunately on my install, I get the error:

Failed to upgrade from www.webmin.com : The Net::SSLeay Perl module needed to make HTTPS connections is not installed on your system

My system is:

PIAF Installed Version = 2.0.6.5 under *HARDWARE* │
│ FreePBX Version = 2.11.0.38 │
│ Running Asterisk Version = 11.10.0 │
│ Asterisk Source Version = 11.10.0 │
│ Dahdi Source Version = 2.9.0 │
│ Libpri Source Version = 1.4.14 │
│ IP Address = 192.168.40.29 on eth0 │
│ Operating System = CentOS release 6.5 (Final) │
│ Kernel Version = 2.6.32-431.1.2.0.1.el6.x86_64 - 64 Bit │
│ Incredible Version = 11.10

Anything I can/should do?
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
539
Reaction score
77
Um, maybe not.

Code:
[email protected]:~ $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http or file.
Eg. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><meta http-equiv="refresh" content="0;url=https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http://www.pbxinaflash.org/piafrepo/piaf64/x86_64/mirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us"/><script type="text/javascript">url="https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http%3A%2F%2Fwww.pbxinaflash.org%2Fpiafrepo%2Fpiaf64%2Fx86_64%2Fmirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us";if(top.location!=location){var w=window,d=document,e=d.documentElement,b=d.body,x=w.innerWidth||e.clientWidth||b.clientWidth,y=w.innerHeight||e.clientHeight||b.clientHeight;url+="&w="+x+"&h="+y;}window.location.replace(url);</script></head><body></body></html>/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/piaf64/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: piaf64
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
Help?

Andrew
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
539
Reaction score
77
After removing the piaf64.repo from the yum.repos.d directory and re-running, I get:

Code:
[email protected]:/etc/yum.repos.d $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
 * base: ewr.edge.kernel.org
 * extras: ewr.edge.kernel.org
 * updates: ewr.edge.kernel.org
base                                                                                                                                                    | 3.7 kB     00:00
extras                                                                                                                                                  | 3.4 kB     00:00
extras/primary_db                                                                                                                                       |  29 kB     00:00
schmooze-commercial                                                                                                                                     | 2.9 kB     00:00
schmooze-commercial/primary_db                                                                                                                          | 111 kB     00:00
updates                                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                                      | 5.7 MB     00:01
Setting up Install Process
No package perl-Net-SSLeasy available.
Error: Nothing to do
Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,136
Reaction score
2,627
You need to get off the PIAF3 platform. It's way past EOL, and there's no real way to reinstall it, support it, or keep it secure.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
539
Reaction score
77
Ward,

I'm running the machine on an old Intel machine in the basement with a hardware Dahdi board (i'll need to rollback dahdi to support it).

Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?

Thanks for the input.

Andrew
 

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
943
Reaction score
177
Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?
Andrew,

You might as well go with the IncrebilePBX 16-15. It is quite stable at this point. Support on the older versions ends pretty quickly once a newer stable version is released.
 

krzykat

Guru
Joined
Aug 2, 2008
Messages
1,541
Reaction score
415
Location
South Florida
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.
 
  • Like
Reactions: wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,136
Reaction score
2,627
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.
But I have little hair left :conehead:
 

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,367
Messages
137,355
Members
14,575
Latest member
Issue