Nice Try, but The Bad Guys Lose

For a few days, two files on a Sourceforge mirror were modified to ship malware with phpMyAdmin. 400 downloads went out before Sourceforge shut down the mirror. Instead of taking over the world, the bad guys were stopped cold. Globally, Sourceforge counted 50K downloads of phpMyAdmin this week. This is another good reason to check your checksums and scan for malware before using any file from the web. Further, I don’t recommend using phpMyAdmin from the web. One should at least add a couple more layers of security to it like blocking any connection to/from it not from the database-admin’s workstation or using SSH to port the database to the database-admin’s workstation and only using a local copy of phpMyAdmin there.

Using phpMyAdmin from a reputable distro is another layer of security not to be overlooked. I recommend Debian GNU/Linux. Their package manager does verify packages.

see phpMyAdmin distributed with backdoor – The H Open: News and Features.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged . Bookmark the permalink.

One Response to Nice Try, but The Bad Guys Lose

  1. oiaohm says:

    So much for the claim attackers don’t try to hit open source.

    This kind of attack is not a one off. Lot of monitoring goes on so this stuff gets picked up.

Leave a Reply