phpMyAdmin is implanted in the back door to cause server data to be stolen

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

Recently, the popular database management tool phpMyAdmin was hacked into the back door, hackers can obtain the highest server privileges, full control of the server and steal arbitrary data. After investigation, tampered with the phpMyAdmin by the world's largest Open-source software development site SourceForge.net South Korea CDN node outflow, the site with the hacker invasion. site security detection found that most of the domestic users from the node to obtain phpMyAdmin, which led to tens of thousands of sites are threatened.

It is reported that phpMyAdmin is a Web database management tool, users all over the world, but because it must be installed in the Web server, so once the hacker intrusion and obtain advanced access rights, then directly endanger the server Core data.

Figure 1:phpmyadmin was implanted in the back door.

According to web site security detection analysis, there is a backdoor phpMyAdmin version of the August 12, 2012 release of the "Phpmyadmin-3.5.2.2-all-languages" (full language version). The hacker server_sync.php the backdoor file named "the Software" (Figure 1), very concealed, the administrator is very difficult to detect.

Figure 2: Site security Check to check out the back door

Due to a wide range of impact, the Web site security detection platform to release the first time the vulnerability detection rules, and to the user who has the vulnerability to send warning messages. At the same time, security experts recommend webmaster and webmaster, as soon as possible to check and delete server_sync.php backdoor files, at the same time, "site defender" Also added further protection rules, recommended by the administrator to install the use.

Website Security Services

for the webmaster to provide free web site security solutions, including Web site security testing platform and site defender:

Site security Testing platform is the first set of Web site vulnerability detection, website hanging horse monitoring, web site tampering monitoring in one of the free testing platform, with a comprehensive web site vulnerabilities and honeypot cluster detection system, to the first time to assist the site detection repair holes;

Site Guards for webmaster free web site firewall, DDoS protection, CC protection, intelligent DNS resolution, hotlinking protection, page compression, cache acceleration and permanent online services.