Web Hosting Forum - Explore the Latest in Web Hosting Discussions

We are a community of individuals and businesses passionate about web hosting. Let's build, learn, and grow together.

Official PHP Git server hacked to add malware in PHP source code

Hi all,

On Sunday, PHP programming language developer and maintainer Nikita Popov said that two malicious commits were added to the php-src repository in both his and the name of PHP creator Rasmus Lerdorf.

The malicious commits, which appeared to be signed off under the names of Popov and Lerdorf (1,2), were masked as simple typographical errors that needed to be resolved. The code appears to be designed to implant a backdoor and create a scenario in which remote code execution (RCE) may be possible. Popov said the development team is unsure exactly how the attack occurred, but clues indicate that the official git.php.net server was likely compromised rather than individual Git accounts.

Following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub as a precaution.
 

Advertisement

Back
Top