SourceForge mirror compromised, backdoor slipped into phpMyAdmin


Summary: One of SourceForge's mirrors was compromised this week, unwittingly serving users a version of phpMyAdmin containing a backdoor.


Users have been tricked into downloading a compromised version of phpMyAdmin that contains a backdoor.

The free software, written in PHP, provides administrators with a way to manage their MySQL instances via a browser, rather than connecting directly to the server's SQL command line.

In its announcement, phpMyAdmin warned users that one of the SourceForge mirrors hosting the software for download had been compromised and was distributing the software with a backdoor.

"This backdoor is located in file server_sync.php, and allows an attacker to remotely execute PHP code," phpMyAdmin said in its announcement. "Another file, js/cross_framing_protection.js, has also been modified."

The SourceForge server in question was cdnetworks-kr-1, a Korean mirror. In a separate post, the SourceForge team confirmed that the owner of the mirror identified a breach of its systems "on or around September 22."

SourceForge has since removed the mirror from the pool of servers that users can download hosted files from, but not before a number of users downloaded the modified version of the phpMyAdmin package.

"Through logs, we have identified that approximately 400 users downloaded this corrupted file. Notice of this corrupted file has been transmitted through security notice by the phpMyAdmin project and direct email to those users we were able to identify through our logs."

According to phpMyAdmin, users can easily detect whether their package was one of those compromised by checking whether it contains the file server_sync.php. SourceForge advised those who had already installed the package that an examination of their web logs and other server data should help confirm whether a backdoor was accessed.
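
Both checks described above can be scripted. The following Python is an added example, not code from phpMyAdmin or SourceForge: it looks for server_sync.php under an installation directory and lists access-log requests that reached that file. It assumes an Apache/nginx combined-format access log; the function names and the sample log lines are constructed for illustration.

```python
import os
import re

# Indicator named in the phpMyAdmin announcement quoted above.
BACKDOOR_FILE = "server_sync.php"

# Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_backdoor_files(install_root):
    """Return paths of any server_sync.php under an unpacked or installed tree."""
    hits = []
    for dirpath, _dirs, files in os.walk(install_root):
        if BACKDOOR_FILE in files:
            hits.append(os.path.join(dirpath, BACKDOOR_FILE))
    return sorted(hits)

def find_backdoor_requests(log_lines):
    """Return (ip, timestamp, method, status) for requests to server_sync.php."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # Compare the file name without the query string, case-insensitively.
        path = m.group("path").split("?", 1)[0].lower()
        if path.rsplit("/", 1)[-1] == BACKDOOR_FILE:
            hits.append((m.group("ip"), m.group("ts"),
                         m.group("method"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2012:10:01:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2012:10:05:44 +0000] "POST /phpmyadmin/server_sync.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [25/Sep/2012:10:06:01 +0000] "GET /phpMyAdmin/server_sync.php?x=1 HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [25/Sep/2012:10:07:13 +0000] "GET /phpmyadmin/server_synchronize.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        print("request to backdoor file:", hit)
```

A log match only shows that the file was requested, and neither check covers js/cross_framing_protection.js, which phpMyAdmin also reported as modified.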


Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.


Talkback

2 comments
  • sourceforge has been compromised for a while now

    You cannot trust any code from the site. It has been subsumed by the 'man' in their eternal quest against evil doers - basically anyone who is not one of the one percent or their minions and who doesn't want to rape the world for profit. Free and open code? hah! No free and open code for YOU! Try Stellarium, and satellite tracking and... Why did major geeks step in? Oh right, maybe someone can work out when the sats are going over, and so we all suffer with insinuated malware. And the real reason - they cannot have all that free stuff COMPETING with the US bottom line now can they? So they seed planned obsolescence and ersatz creative destruction into the bowels of sourceforges' best, and we all get yoked down a little bit more to the tyranny of the new robber barons and their lickspittle minions...
    walkerjian
    • And the disappearing UFOs

      The last time we heard from you, it was about obtaining infinite free energy with antigravity as a byproduct. How's that project coming?
      Robert Hahn