PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

PHP.net hacked, but most things are fine again

A quick video introduction into Shadow-DOM, the game-changing DOM-subtree-technology

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Redesigning Windows 8 – fantastic and clever drafts by Jay Machalani

PHPStorm 8 has just been released

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

Experimenting with HHVM at Etsy (Link)

Push database changes to all clients in real-time (!) with AngularJS and Firebase

A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 12.04 (Precise Pangolin)

Get Github’s code colors in PHPStorm (2014 style)

Increase your PageSpeed score (10min video with Matt Gaunt)

Compress png, jpeg, gif and svg up to 90% with Compressor.io

[Link] How to require versions of PHP, HHVM / HipHop, GD, curl, openssl etc. with Composer

[Link] Redesigning SoundCloud by Evan Simoni

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

How to copy Vagrant boxes (or duplicate them)

Two excellent introductions into AngularJS by Todd Motto

Experimenting with HHVM at Etsy (Link)

How to show the available version of a package (before doing apt-get install)

This is an experimental advertisement

Wow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” today

Free $10 coupon for DigitalOcean SSD cloud VPS hosting

Frontend Ops Conf 2014 – Paul Irish: Delivering The Goods In Under 1000ms (40min video)

Creators of Laravel launch one-click-installations of Laravel (including nginx, PHP 5.5 etc.)