Users who downloaded and deployed the phpMyAdmin-126.96.36.199-all-languages.zip package recently are advised to check whether heir phpMyAdmin installations contain the rogue server_sync.php file. If the file is found, the software should be deleted and a fresh copy of the package should be downloaded.
Web server administrators are also advised to check the server logs in order to determine whether the backdoor was accessed and used to execute rogue code on their servers.
The phpMyAdmin development team regularly publishes the MD5 checksums for the software's official install packages on its website. For example, the legitimate phpMyAdmin-188.8.131.52-all-languages.zip archive has an MD5 checksum of "6f284e973809af8cda998eeaa9aa7884".
Users should calculate the MD5 checksum of the package they download and compare it to the one published by the phpMyAdmin developers in order to verify that it is legitimate. A modified package will have a different MD5 checksum.
In fact, users should always perform a checksum verification when downloading software for use on their computers or servers, whenever the developer provides an MD5 or other type of checksum for the installer. Some browsers, like Mozilla Firefox, have extensions that make checksum checking easier.
This is not the first time that a download server has been compromised and the installer of a popular application has been backdoored.
In June 2011, the WordPress development team warned that some fairly popular WordPress plug-ins had been backdoored through the official plug-in repository.
In July 2011, the maintainer of vsftpd (Very Secure FTP Daemon), a popular FTP server software, announced that the master vsftpd download site was compromised and the software's official packages were rigged with a backdoor.
In December 2010, unknown hackers compromised the main distribution server of the ProFTPD Project -- another popular FTP server software -- and added a root shell backdoor to the source code.