PHP Repository Exploited by Hackers

  • March 29, 2021
PHP repository exploited by hackers

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28.

An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team.

Per a statement released in PHP’s internal mailing list, the current investigation believes the git.php.net server itself has been compromised rather than the individual’s account.

Everything points towards a compromise of the git.php.net server.

To prevent this from reoccurring, the official git repository will switch from their own git.php.net to the mirror on github.

While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server.

Are you safe?

Yes. While the PHP repository itself may have been exploited, the backdoor left by the attacker was found before its malicious code reached a PHP release, meaning no released versions of PHP included this backdoor.

The PHP team is currently reviewing the repositories to ensure that no other modifications were made by the attacker, but nothing has been found up to now.

Sign up to our newsletter to be notified of website security notes.

 

Antony Garand is Sucuri's Threat Researcher who joined the company in 2019. Antony's main responsibilities include researching vulnerabilities and dissecting malware. His professional experience covers many years of security research and development. When Antony isn't breaking stuff, you might find him at the dog park or learning new skills. Connect with him on Twitter

Related Tags
Related Categories
You May Also Like