FTP Server of Horde Breached, Hackers Installed Back-door in Horde Groupware & Webmail
Horde faced cyber attack. Developpers at Horde open source community confirmed that one of their FTP server has been breached. Attacker also infected various files stored on that ftp server. In their official statement Horde said :- "A few days ago we became aware of a manipulated file on our FTP server. Upon further investigation we discovered that the server has been hacked earlier, and three releases have been manipulated to allow unauthenticated remote PHP execution," they explained. "We have immediately taken down all distribution servers to further analyze the extent of this incident, and we have worked closely with various Linux distributions to coordinate our response."
The three files that were modified to include a backdoor are Horde 3.3.12, Horde Groupware 1.2.10 and Horde Groupware Webmail Edition 1.2.10., and users who have downloaded any of those since the start of November 2011 until February 7 (when the breach was discovered) are advised to download new, clean versions and reinstall their machines, or to upgrade to the more recent versions. For those who would like to be sure whether they were affected, the developers advise searching their Horde directory tree for the following signature: $m($m). Horde 4 users can breathe safely, as that file has not been manipulated. The developers also made sure to point out that they have replaced all the FTP and PEAR servers, and uploaded clean files.