Tampered module

ran fwconsole vaildate on one of my systems and it returned this:

Critical error! The module signature file /var/www/html/admin/modules/iub24/module.sig HAS BEEN TAMPERED.
You should immediately redownload this module

What module is that?

I’ve never heard of it. Possibly some custom development which I presume you would be aware of, or more likely evidence of an exploit. Take a look at some of the files in that folder, it’s very common for malicious code to be disguised into gibberish with base64 encoding.

yeah, this is from one of my compromised systems. Been comparing to other clean systems and don’t see that path anywhere…

Gonna start going through my known compromised systems and see if it’s consistent

mystery solved, this was an add on CRM integration module I tested for a client a long time ago. I removed the module from my system but apparently the uninstall left stuff behind.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.