• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
PHP repository exploited by hackers

PHP Repository Exploited by Hackers

March 29, 2021Antony Garand

317
SHARES
FacebookTwitterSubscribe

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28.

An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team.

Per a statement released in PHP’s internal mailing list, the current investigation believes the git.php.net server itself has been compromised rather than the individual’s account.

Everything points towards a compromise of the git.php.net server.

To prevent this from reoccurring, the official git repository will switch from their own git.php.net to the mirror on github.

While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server.

Are you safe?

Yes. While the PHP repository itself may have been exploited, the backdoor left by the attacker was found before its malicious code reached a PHP release, meaning no released versions of PHP included this backdoor.

The PHP team is currently reviewing the repositories to ensure that no other modifications were made by the attacker, but nothing has been found up to now.

Sign up to our newsletter to be notified of website security notes.

 

317
SHARES
FacebookTwitterSubscribe

Categories: Security Advisory, Vulnerability Disclosure, Web ProsTags: Black Hat Tactics, Website Backdoor

About Antony Garand

Antony Garand is Sucuri's Threat Researcher who joined the company in 2019. Antony's main responsibilities include researching vulnerabilities and dissecting malware. His professional experience covers many years of security research and development. When Antony isn't breaking stuff, you might find him at the dog park or learning new skills. Connect with him on Twitter

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

How to Add Security to Customer Websites Email Course

How to Clean a Hacked Website Guide

Referral Program Guide

Website Security for your Customers

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.