Nice Try, but The Bad Guys Lose at Robert Pogson

For a few days, two files on a Sourceforge mirror were modified to ship malware with phpMyAdmin. 400 downloads went out before Sourceforge shut down the mirror. Instead of taking over the world, the bad guys were stopped cold. Globally, Sourceforge counted 50K downloads of phpMyAdmin this week. This is another good reason to check your checksums and scan for malware before using any file from the web. Further, I don’t recommend using phpMyAdmin from the web. One should at least add a couple more layers of security to it like blocking any connection to/from it not from the database-admin’s workstation or using SSH to port the database to the database-admin’s workstation and only using a local copy of phpMyAdmin there.

Using phpMyAdmin from a reputable distro is another layer of security not to be overlooked. I recommend Debian GNU/Linux. Their package manager does verify packages.

see phpMyAdmin distributed with backdoor – The H Open: News and Features.

My Mission

My observations and opinions about IT are based on 40 years of use in science and technology and lately, in education. I like IT that is fast, cost-effective and reliable. I do not care whether my solution is the same as yours. I like to think for myself.

My first use of GNU/Linux in 2001 was so remarkably better than what I had been using, I feel it is important work to share GNU/Linux with the world. I have been blessed by working in schools where students and school systems have benefited by good, modular software easily installed in most systems.

I have shown GNU/Linux to thousands of students and hundreds of teachers over the years and will continue in some way doing that until I die in spite of the opposition.

1 Response to “Nice Try, but The Bad Guys Lose”

Feed for this Entry

1 oiaohm Sep 26th, 2012 at 4:24 pm

So much for the claim attackers don’t try to hit open source.

This kind of attack is not a one off. Lot of monitoring goes on so this stuff gets picked up.