List of tampered files - FreePBX 12

I have a list of tampered files in FreePBX that look to be all image files. I assume I can ignore these, although I’m unsure how. Is there a good way to ignore or fix this?

Module: CID Superfecta, File: assets/images/bottom.gif altered
Module: CID Superfecta, File: assets/images/copy.gif altered
Module: CID Superfecta, File: assets/images/delete.gif altered
Module: CID Superfecta, File: assets/images/loading.gif altered
Module: CID Superfecta, File: assets/images/logo.gif altered
Module: CID Superfecta, File: assets/images/off.gif altered
Module: CID Superfecta, File: assets/images/on.gif altered
Module: CID Superfecta, File: assets/images/on_off.gif altered
Module: CID Superfecta, File: assets/images/revert.gif altered
Module: CID Superfecta, File: assets/images/top.gif altered
Module: CID Superfecta, File: assets/images/update.png altered

The answer at this point is: if you are not using CID Superfecta, just uninstall it.

Thank you for the reply.

Are you using the FreePBX distro?

I saw the same thing after upgrading my FreePBX distro to FreePBX 12; I did uninstall the Superfecta module.

Lots of other strange stuff too. I will definitely need some help with one of my servers; it doesn’t apply without rebooting first. The other appears OK. I’m planning on pushing my other distro boxes to FreePBX if I can get issues resolved.

I just realized my post is not all that helpful, sorry.

The Superfecta issue is something I know about, but it has to do with that module and how it was originally coded. Since it doesn’t break anything and can be fixed by uninstalling and reinstalling, I have not been focusing on it.

If you could go into your “strange” stuff that would be great. But starting a new thread might be more helpful.

I just upgraded from version 5.211.65.11 to version 6.12.65-20, doing all upgrade steps one by one, and I got 30 tampered files:

Module: Weak Password Detection, File: /var/www/html/admin/modules/weakpasswords/functions.inc.php altered
Module: Weak Password Detection, File: /var/www/html/admin/modules/weakpasswords/module.xml altered
Module: Weak Password Detection, File: /var/www/html/admin/modules/weakpasswords/page.weakpasswords.php altered
Module: Weak Password Detection, File: /var/www/html/admin/modules/weakpasswords/uninstall.php altered
Module: Online Support, File: /var/www/html/admin/modules/irc/functions.inc.php altered
Module: Online Support, File: /var/www/html/admin/modules/irc/module.xml altered
Module: Online Support, File: /var/www/html/admin/modules/irc/page.irc.php altered
Module: Online Support, File: /var/www/html/admin/modules/irc/pjirc/irc.jar altered
Module: Online Support, File: /var/www/html/admin/modules/irc/pjirc/pixx.jar altered
Module: Java SSH, File: /var/www/html/admin/modules/javassh/module.xml altered
Module: Java SSH, File: /var/www/html/admin/modules/javassh/page.javassh.php altered
Module: Callback, File: /var/www/html/admin/modules/callback/bin/callback altered
Module: Callback, File: /var/www/html/admin/modules/callback/functions.inc.php altered
Module: Callback, File: /var/www/html/admin/modules/callback/install.php altered
Module: Callback, File: /var/www/html/admin/modules/callback/install.sql altered
Module: Callback, File: /var/www/html/admin/modules/callback/module.xml altered
Module: Callback, File: /var/www/html/admin/modules/callback/page.callback.php altered
Module: Callback, File: /var/www/html/admin/modules/callback/uninstall.php altered
Module: Directory, File: /var/www/html/admin/modules/directory/functions.inc.php altered
Module: Directory, File: /var/www/html/admin/modules/directory/module.xml altered
Module: Custom Applications, File: /var/www/html/admin/modules/customappsreg/functions.inc.php altered
Module: Custom Applications, File: /var/www/html/admin/modules/customappsreg/module.xml altered
Module: Custom Applications, File: /var/www/html/admin/modules/customappsreg/page.customdests.php altered
Module: Custom Applications, File: /var/www/html/admin/modules/customappsreg/page.customextens.php altered
Module: Misc Destinations, File: /var/www/html/admin/modules/miscdests/functions.inc.php altered
Module: Misc Destinations, File: /var/www/html/admin/modules/miscdests/module.xml altered
Module: Misc Destinations, File: /var/www/html/admin/modules/miscdests/page.miscdests.php altered
Module: Dictation, File: /var/www/html/admin/modules/dictate/bin/audio-email.pl altered
Module: Dictation, File: /var/www/html/admin/modules/dictate/functions.inc.php altered
Module: Dictation, File: /var/www/html/admin/modules/dictate/module.xml altered

How to fix this?

Furthermore, 8 modules are unsigned:

Module “Blacklist” is unsigned and should be re-downloaded
Module “CallerID Lookup” is unsigned and should be re-downloaded
Module “SIPSTATION” is unsigned and should be re-downloaded
Module “PHP Info” is unsigned and should be re-downloaded
Module “DUNDi Lookup Registry” is unsigned and should be re-downloaded
Module “Asterisk IAX Settings” is unsigned and should be re-downloaded
Module “PHPAGI Config” is unsigned and should be re-downloaded
Module “iSymphony” is unsigned and should be re-downloaded

amportal a ma refreshsignatures

I already did that following the security warning link:

amportal chown
amportal a ma refreshsignatures
amportal a reload

But this did not make any difference.

Looking at the module admin, I see that I also got 1 module broken: fw_ari

When trying to reinstall I get this:

Please wait while module actions are performed
Installing fw_ari
Error(s) installing fw_ari:

Cannot find module

The broken module fw_ari warning disappeared after reboot, but the tampered and unsigned modules warnings remained.

The output of refreshsignatures seems OK, however, except for isymphony:

[[email protected] ~]# amportal chown

Fetching FreePBX settings with gen_amp_conf.php…

SETTING FILE PERMISSIONS…Done
Removing any dangling symlinks
Dangling symlinks removed
[[email protected] ~]# amportal a ma refreshsignatures

Fetching FreePBX settings with gen_amp_conf.php…

Getting Data from Online Server…Done
Checking Signatures of Modules…
Checking accountcodepreserve…Good
Checking announcement…Good
Checking areminder…Good
Checking asterisk-cli…Good
Checking asteriskinfo…Good
Checking backup…Good
Checking bria…Good
Checking broadcast…Good
Checking builtin…Good
Checking bulkdids…Good
Checking bulkextensions…Good
Checking callerid…Good
Checking callforward…Good
Checking calllimit…Good
Checking callrecording…Good
Checking callwaiting…Good
Checking campon…Good
Checking cdr…Good
Checking conferences…Good
Checking conferencespro…Good
Checking core…Good
Checking cos…Good
Checking customcontexts…Good
Checking cxpanel…Good
Checking dahdiconfig…Good
Checking dashboard…Good
Checking daynight…Good
Checking digium_phones…Good
Checking digiumaddoninstaller…Good
Checking disa…Good
Checking donotdisturb…Good
Checking endpoint…Good
Checking endpointman…Good
Checking extensionroutes…Good
Checking extensionsettings…Good
Checking fax…Good
Checking faxpro…Good
Checking featurecodeadmin…Good
Checking findmefollow…Good
Checking framework…Good
Checking freepbx_ha…Good
Checking fw_langpacks…Good
Checking hotelwakeup…Good
Checking infoservices…Good
Checking isymphony…Signature Invalid
Could not find signed module on remote server!
Checking ivr…Good
Checking languages…Good
Checking logfiles…Good
Checking manager…Good
Checking miscapps…Good
Checking motif…Good
Checking music…Good
Checking outroutemsg…Good
Checking paging…Good
Checking pagingpro…Good
Checking parking…Good
Checking parkpro…Good
Checking pbdirectory…Good
Checking phonebook…Good
Checking pinsets…Good
Checking pinsetspro…Good
Checking presencestate…Good
Checking printextensions…Good
Checking queuemetrics…Good
Checking queueprio…Good
Checking queues…Good
Checking qxact_reports…Good
Checking recording_report…Good
Checking recordings…Good
Checking restapi…Good
Checking restapps…Good
Checking restart…Good
Checking ringgroups…Good
Checking setcid…Good
Checking sipsettings…Good
Checking sng_mcu…Good
Checking speeddial…Good
Checking superfecta…Good
Checking sysadmin…Good
Checking timeconditions…Good
Checking tts…Good
Checking ttsengines…Good
Checking userman…Good
Checking vmblast…Good
Checking vmnotify…Good
Checking voicemail…Good
Checking voicemail_report…Good
Checking vqplus…Good
Checking webcallback…Good
Checking xmpp…Good
Done

SETTING FILE PERMISSIONS…Done
Removing any dangling symlinks
Dangling symlinks removed
[[email protected] ~]# amportal a reload

Fetching FreePBX settings with gen_amp_conf.php…

Successfully reloaded

Are you just having an issue with “isymphony”?

In the dashboard I still get 30 tampered and 8 unsigned modules.

isymphony is the only one giving an error when refreshing signatures.

If everything says good then you just need to run:

amportal a r

Just noticed that these modules are not appearing in the above list when doing refreshsignatures. For example, dictation, callback, … show as tampered, but are not listed in the refreshsignatures output.

Now I discovered why: these modules were disabled. After enabling the dictation module and rerunning refreshsignatures, the related modules do not show as tampered anymore.

So disabled modules are not handled. Could this be fixed? I do not need many modules in my setup.


Nice thanks @woodpecker505!
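
The cross-check worked out by hand in the posts above (modules flagged as tampered that never appear in the refreshsignatures output), as an added example that is not part of the original thread. The function names and file names are assumptions, the sample data is constructed from lines quoted in the posts, and only the absolute-path form of the dashboard list is handled.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from lines
# quoted in the posts; function and file names are assumptions.

# Print "module status" for each per-module line of refreshsignatures output.
# The "Checking Signatures of Modules" banner is skipped because a module
# name is followed directly by the ellipsis, never by a space.
signature_status() {
    awk '/^Checking [A-Za-z0-9_-]+[^ A-Za-z0-9_-]/ {
        line = substr($0, 10)              # drop "Checking "
        match(line, /^[A-Za-z0-9_-]+/)
        name = substr(line, 1, RLENGTH)
        status = substr(line, RLENGTH + 1)
        sub(/^[^A-Za-z]+/, "", status)     # strip the "…" or "..." separator
        print name, status
    }' "$1"
}

# Modules that were checked but did not come back "Good".
failed_signatures() { signature_status "$1" | awk '$2 != "Good"'; }

# Module directories the dashboard lists as altered although refreshsignatures
# never checked them (the disabled-module case). $1 = refresh output, $2 = list.
unchecked_tampered() {
    signature_status "$1" | awk '
        phase == 1 { checked[$1] = 1; next }
        / altered$/ && match($0, "/admin/modules/[^/]+/") {
            dir = substr($0, RSTART + 15, RLENGTH - 16)
            if (!(dir in checked) && !seen[dir]++) print dir
        }' phase=1 - phase=2 "$2"
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/refresh.txt" <<'EOF'
Checking Signatures of Modules…
Checking callforward…Good
Checking isymphony…Signature Invalid
Could not find signed module on remote server!
Checking miscapps…Good
EOF
cat > "$WORK/dashboard.txt" <<'EOF'
Module: Callback, File: /var/www/html/admin/modules/callback/bin/callback altered
Module: Callback, File: /var/www/html/admin/modules/callback/module.xml altered
Module: Misc Destinations, File: /var/www/html/admin/modules/miscdests/module.xml altered
Module: Dictation, File: /var/www/html/admin/modules/dictate/module.xml altered
EOF
echo "Altered but never signature-checked:"
unchecked_tampered "$WORK/refresh.txt" "$WORK/dashboard.txt"
echo "Checked but not Good:"; failed_signatures "$WORK/refresh.txt"
```

A directory in the first list was never examined by the signature refresh, so its "altered" status says nothing either way until the module is enabled and rechecked or removed; a module in the second list was examined and failed.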