FreePBX complains of tampered file?

Just got an email from FreePBX:

SECURITY NOTICE:

You have 1 tampered files:
 Module: "CID Superfecta", File: "/var/www/html/admin/modules/superfecta/includes/oauth-google/Google/Auth/OAuth2.php altered"

Is this a sign of a hack?

Thank you

EDIT: Looking at the file, it looks like it shows signs of file corruption? Below is a snippet.

 public function r�freshTokenWithAssertion($assertionCredentiqls = null)
  {
"   if (!&asseption^Credentialq) {
`     $assertionCredentials = $t`is->ass�r�ionCredejtials;
    }

    $cacheKey = $assertionCrede�tials-^^getCacheKey();

Repair with:

fwconsole ma refreshsignatures
2 Likes

Yay, glad to see Signature Checking potentially saved your bacon. But this is a really bad thing - if one file is corrupt, you need to figure out WHY it’s corrupt. Possibly a failing drive?

1 Like

… or a failing memory module somewhere in the system. There are several levels of memory in the average system, and you could be seeing the failure of a cache module, a drive controller cache, an on-disk memory buffer, or a bad hard drive itself.

The ‘fire and forget’ way to solve it is to replace the system wholesale and image the drive onto a new drive. Imaging the drive onto a new drive would probably be a good idea anyway, since problems like this (once they start) usually only get worse.

I find it unlikely it will be RAM, because RAM would only corrupt the file when it’s being written - it wouldn’t corrupt a file that’s at rest.

1 Like

I do find it odd that the one file on my system that’s seemingly got corrupt has to do with logins! Hmmm.
Anyway I’ve run the refreshsignatures command, I guess there’s no way to tell what may or may not have gone on?
(I use fail2ban and the FreePBX server’s ports aren’t exposed to the world.)
Thanks all
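
The question in the last post, whether anything can be told after the fact, can be partly answered by comparing the flagged file byte by byte with a trusted copy. This is an added example, not part of the thread or of FreePBX; it assumes you have a known-good copy of the file, and the function names and sample lines are constructed, modeled on the `Credentiqls` misspelling in the posted snippet.

```python
# Added example: separate random bit flips from deliberate edits in a flagged file.
import hashlib

def classify_diff(good: bytes, suspect: bytes) -> dict:
    """Compare a trusted copy with the flagged copy, byte by byte."""
    report = {
        "sha256_match": hashlib.sha256(good).digest() == hashlib.sha256(suspect).digest(),
        "length_changed": len(good) != len(suspect),
        "changed_bytes": 0,
        "single_bit_flips": 0,
        "offsets": [],
    }
    for offset, (g, s) in enumerate(zip(good, suspect)):
        if g == s:
            continue
        report["changed_bytes"] += 1
        report["offsets"].append(offset)
        # XOR leaves a 1 in every bit position where the two bytes differ.
        if bin(g ^ s).count("1") == 1:
            report["single_bit_flips"] += 1
    return report

def verdict(report: dict) -> str:
    if report["sha256_match"]:
        return "identical"
    if report["length_changed"]:
        return "review-manually"  # bytes inserted or removed: not simple bit rot
    if report["single_bit_flips"] == report["changed_bytes"]:
        return "consistent-with-bit-flips"
    return "review-manually"  # whole characters replaced: read the diff

# Constructed samples (not the poster's real file contents).
GOOD = b"public function refreshTokenWithAssertion($assertionCredentials = null)"
ROTTED = b"public function refreshTokenWithAssertion($assertionCredentiqls = null)"
EDITED = b"public function refreshTokenWithAssertion($assertionCredentials = true)"

if __name__ == "__main__":
    for name, data in (("ROTTED", ROTTED), ("EDITED", EDITED)):
        r = classify_diff(GOOD, data)
        print(name, verdict(r), r["changed_bytes"], r["single_bit_flips"], r["offsets"])
```

A `consistent-with-bit-flips` result points at hardware, as the replies suggest, but does not by itself rule out tampering elsewhere on the system.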
