I have a FreePBX version 15.0.37.9.
Recently I found a suspicious file in the web folder named “magnito.php” containing a code “eval(base64_decode())”.
By doing an analysis, I found 2 other files like this “/admin/modules/ajax.php” and “/admin/modules/core/ajax.php”.
What is strange is that when I delete it, I find it again after a short time.
Are these really compromised files?
There is no ajax.php on these folders.
I think you server has been hacked.
If you decide to reinstall a new server, I think you must install rk_hunter as well.
BTW, FreePBX 15 is pretty old, think to mograte on 16 or 17 asap.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.