ALERT WebMin Backdoor Discovered

ostridge

Guru
Joined
Jan 22, 2015
Messages
383
Reaction score
70
Location
UK
Thanks logged into Webmin and updating now to webmin_1.930
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,239
Reaction score
2,667
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.
 
Last edited:

l4cky

Member
Joined
Jan 27, 2015
Messages
72
Reaction score
0
We've updated the Incredible PBX 13-13.10 and 16-15.1 installers.Thanks, @phonebuff.
does updating webmin and webmin update packages affect the already installed incredible pbx 13 conf/incredible fax/hylafax or delete or modify the contents?
 

l4cky

Member
Joined
Jan 27, 2015
Messages
72
Reaction score
0
It just does what it says on the tin - so update webmin
I mean im not sure if incrediblepbx also use those packages to be update, a while already installed, an update will modify the configuration of incrediblepbx/fax

oh maybe i was just confused as Software Package Updates has nothing to do with webmin version?
 
Last edited:

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
1,011
Reaction score
207
Webmin is updated from the webmin page. It has no affect on IncrediblePBX as to operations. You can upgrade without fear.

Log into webmin and it tells you there are updates available.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
622
Reaction score
83
Unfortunately on my install, I get the error:

Failed to upgrade from www.webmin.com : The Net::SSLeay Perl module needed to make HTTPS connections is not installed on your system

My system is:

PIAF Installed Version = 2.0.6.5 under *HARDWARE* │
│ FreePBX Version = 2.11.0.38 │
│ Running Asterisk Version = 11.10.0 │
│ Asterisk Source Version = 11.10.0 │
│ Dahdi Source Version = 2.9.0 │
│ Libpri Source Version = 1.4.14 │
│ IP Address = 192.168.40.29 on eth0 │
│ Operating System = CentOS release 6.5 (Final) │
│ Kernel Version = 2.6.32-431.1.2.0.1.el6.x86_64 - 64 Bit │
│ Incredible Version = 11.10

Anything I can/should do?
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
622
Reaction score
83
Um, maybe not.

Code:
[email protected]:~ $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http or file.
Eg. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><meta http-equiv="refresh" content="0;url=https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http://www.pbxinaflash.org/piafrepo/piaf64/x86_64/mirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us"/><script type="text/javascript">url="https://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http%3A%2F%2Fwww.pbxinaflash.org%2Fpiafrepo%2Fpiaf64%2Fx86_64%2Fmirrorlist&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us";if(top.location!=location){var w=window,d=document,e=d.documentElement,b=d.body,x=w.innerWidth||e.clientWidth||b.clientWidth,y=w.innerHeight||e.clientHeight||b.clientHeight;url+="&w="+x+"&h="+y;}window.location.replace(url);</script></head><body></body></html>/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/piaf64/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: piaf64
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.
Help?

Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,239
Reaction score
2,667
There is no longer a PIAF 3 repository so remove it from /etc/yum.repos.d
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
622
Reaction score
83
After removing the piaf64.repo from the yum.repos.d directory and re-running, I get:

Code:
[email protected]:/etc/yum.repos.d $ yum -y install perl-Net-SSLeasy
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
 * base: ewr.edge.kernel.org
 * extras: ewr.edge.kernel.org
 * updates: ewr.edge.kernel.org
base                                                                                                                                                    | 3.7 kB     00:00
extras                                                                                                                                                  | 3.4 kB     00:00
extras/primary_db                                                                                                                                       |  29 kB     00:00
schmooze-commercial                                                                                                                                     | 2.9 kB     00:00
schmooze-commercial/primary_db                                                                                                                          | 111 kB     00:00
updates                                                                                                                                                 | 3.4 kB     00:00
updates/primary_db                                                                                                                                      | 5.7 MB     00:01
Setting up Install Process
No package perl-Net-SSLeasy available.
Error: Nothing to do
Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,239
Reaction score
2,667
You need to get off the PIAF3 platform. It's way past EOL, and there's no real way to reinstall it, support it, or keep it secure.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
622
Reaction score
83
Ward,

I'm running the machine on an old Intel machine in the basement with a hardware Dahdi board (i'll need to rollback dahdi to support it).

Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?

Thanks for the input.

Andrew
 

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
1,011
Reaction score
207
Any thoughts on which stable distro to use? At this point, do I want 13-13 or 16-15?
Andrew,

You might as well go with the IncrebilePBX 16-15. It is quite stable at this point. Support on the older versions ends pretty quickly once a newer stable version is released.
 

krzykat

Guru
Joined
Aug 2, 2008
Messages
1,579
Reaction score
427
Location
South Florida
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.
 
  • Like
Reactions: wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,239
Reaction score
2,667
For what it's worth, our main template is still 13-13 ... but we will be rolling out 16-15 version pretty soon, after I get a chance to rebuild a new template with our tweaks and settings. I think Ward's got enough done and working properly on it that its now up to speed.
But I have little hair left :conehead:
 

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,450
Messages
138,038
Members
14,613
Latest member
roshan2019