PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

PHP.net hacked, but most things are fine again

How to prevent PHP sessions being shared between different apache vhosts / different applications

JavaScript Testing Tactics (21min video by Justin Searls)

“Fuck you. Pay Me.” How to deal with clients, the professional way. An excellent talk with Mike Monteiro.

HipHop VM reaches 100% green Unit Tests in Laravel, Drupal, Slim, CodeIgniter etc.

Awesome list of Design Patterns with PHP code examples

PHPStorm 7 has been released!

[Link] How to require versions of PHP, HHVM / HipHop, GD, curl, openssl etc. with Composer

New GitHub repo: simple php-long-polling for creating real-time apps

GitHub buys Easel.io, a code-free full website creator worth a look

PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)

Preview-release of (my) “php-mvc” project (a simple php mvc barebone)

This is an experimental advertisement

The architecture of StackOverflow

[Link] How to create, read, update and delete (CRUD) with PDO, MySQLi and MySQL the right way (prepared statements)

PHP Caching Best Practices by Eli White (video from PHP UK Conference 2014)

A list of downloadable Vagrant boxes (CentOS 5.9 / 6.4, Ubuntu 12 / 13, Debian 6 / 7 / 7.1 / 7.2)

Why Modern PHP is Awesome And How You Can Use It Today (Slides by Matt Stauffer)

GitHub finally introduces repo traffic stats

Adobe releases Firebug-like developer tools to edit and extract PSDs

The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)

October CMS, built on top of Laravel, is beautiful, clever and on the way to be the new #1 CMS

How to setup a local server (in a virtual machine) with Vagrant in PHPStorm

Slides from International PHP Conference 2014

Awesome next-gen PS4 graphics in “The Order: 1886”