Openfire download link hacked?

imdabest · June 10, 2008, 8:13pm

Hello,

I am using openfire since last two years now. I was so much busy i never

checked the current version available. So I found new version is available and

when to download it.

I clicked on download link > openfire > Linux version.

I got prompt to save file since I am using windows on my PC i didn’t looked

at what I was downloading the file name.

After few minutes when I got download complete message I open the folder

where I saved the file now as I was looking for open fire rpm I figure out that

file which I have downloaded is.

openoffice-password-recovery.exe.rpm 40187 KB

then i again clicked on download link and downloaded the original file and found out that it has the exact same size of original file of openfire rpm.

openfire-3.5.1-1.i386.rpm 40187 KB

I don’t know if it happened with any one else or not but this is what happened

with me today in this way it looks like someone did something with the openfire

rpm download link for sure.

Could you verify I hope this will not cause big trouble with someone else because

I didn’t installed the openoffice-password-recovery.exe.rpm since its not what I

was looking at.

It could be the Trojan or dangerous script which could make system

compromise.

I just wanted to let you know I have the file which I downloaded from igniterealtime.org as well if

you need it I can upload it somewhere you want me to.

Thanks,

Faisal Ashraf

faisal@voip.com.pk

http://www.voip.com.pk

Your VoIP Solutions Partner

LG1 · June 11, 2008, 4:47am

Hi,

would you please post the md5sum of both files?

For me it looks like you did choose another file name while the file save dialog was open.

LG

imdabest · June 11, 2008, 4:55pm

here you go.

~~root@FTP-Server faisal~~# md5sum openoffice-password-recovery.exe.rpm

980b5702645051f44378747b284e79df openoffice-password-recovery.exe.rpm

~~root@FTP-Server faisal~~# md5sum openfire-3.5.1-1.i386.rpm

980b5702645051f44378747b284e79df openfire-3.5.1-1.i386.rpm

it is strange every thing seems same to me.

ls -al

total 80472

drwxr-xr-x 2 root root 4096 Jun 11 11:57 .

drwx------ 19 faisal faisal 4096 Jun 11 11:57 …

-rw-rr 1 faisal faisal 41150993 Jun 10 15:46 openfire-3.5.1-1.i386.rpm

-rw-rr 1 faisal faisal 41150993 Jun 10 13:23 openoffice-password-recovery.exe.rpm

LG1 · June 11, 2008, 6:15pm

Hi,

so I’d say they are the same. It’s quite hard to create another file with the same md5sum.

Maybe your browser had some issues setting the right file name.

LG

NO_MESSAGES_OR_FRIEN · June 11, 2008, 6:20pm

I blame redhat

imdabest · June 12, 2008, 12:34am

Well could be possible but i used firefox 2.0.0.14 Windows Client.

then I copied it on the linux server so I can upgreade the openfire.

anyway if it’s not happend before then it could be the any thing… but this is really strange because i dont use openoffice as i use msoffice so i never look for password recovery file for that.

anyway I dont have any test box otherwise i would check this rpm on that but i am still keeping it with me if you want check it i can upload it somehere .

how about if i upload it on rapidshare ?

thanks any way since no harm is done then lets forget it ?

Faisal.

Martin_Weusten · June 12, 2008, 9:12am

It would be nice if Ignite Realtime would simply sign all distributed files using OpenPGP. That would solve such problems once for all.

LG1 · June 12, 2008, 5:34pm

Hi,

you could use `cmp file1 file2´ to make sure that they are exactly the same.

And they should really add md5sum to the download pages, that’s probably more easy to setup than a process to sign the files.

LG