PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

PHP.net hacked, but most things are fine again

Extremely simple deployment with PHPloy

Two excellent introductions into AngularJS by Todd Motto

Support FLARUM, the future of PHP forum scripts (with some dollars on Kickstarter)

Slides from International PHP Conference 2014

The difference between “composer install” and “composer update” – nailed on the head

12 tools for better PHP quality

PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)

This is an experimental advertisement

Sitepoint asks for your favourite PHP IDE – take part!

Awesome next-gen PS4 graphics in “The Order: 1886”

PHPMyAdmin not found after installation ? Here’s a fix (Ubuntu 12.04) !

PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)

Extremely simple deployment with PHPloy

How to hack time (KUNG FURY promo campaign)

Creator of Slim framework and “PHP – The right way” writes book: “Modern PHP”, available 2015

Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)

Preview-release of (my) “php-mvc” project (a simple php mvc barebone)

Why Modern PHP is Awesome And How You Can Use It Today (Slides by Matt Stauffer)

How to show memory usage (Ubuntu)

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

Interesting talk on modernizing a legacy PHP codebase

O’Reilly’s Learning JavaScript Design Patterns by Addy Osmani for free

Redesigning Windows 8 – fantastic and clever drafts by Jay Machalani