Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
October 25, 2013
Chris
JavaScript, PHP
1

PHP.net hacked, but most things are fine again

PreviousNext
php

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

 

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

 

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

  • The first micro framework written in Hack is there: hack-mvc !The first micro framework written in Hack is there: hack-mvc !
  • Facebook releases HipHop (HHVM) 3.0, adds mysqli and support for Hack languageFacebook releases HipHop (HHVM) 3.0, adds mysqli and support for Hack language
  • Wow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” todayWow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” today
  • PHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devsPHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devs
  • New GitHub repo: simple php-long-polling for creating real-time appsNew GitHub repo: simple php-long-polling for creating real-time apps
  • PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)
  • What’s new in PHPStorm 9What’s new in PHPStorm 9
  • Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
  • Experimenting with HHVM at Etsy (Link)Experimenting with HHVM at Etsy (Link)
hackhackedJavaScriptPHP
Share this

1 Comment

  • Tanmay
    April 11, 2015 10:29 pm

    Wow!

    Reply

Leave A Comment Cancel reply

html6

Is this the first HTML6 specification?

  I just found this very interesting “project” including an active, but unpopular GitHub repo: http://html6spec.com/ https://github.com/OscarGodson/HTML6 Looks like these

Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines

A few days ago the 30th edition of Germany’s Chaos Communication Congress took place, a high-profile event for IT-security and

Adobe releases Firebug-like developer tools to edit and extract PSDs

A big step in frontend-development: According to this presentation on Adobe Max 2014 Adobe has just released a very interesting

php

[Link] How to create, read, update and delete (CRUD) with PDO, MySQLi and MySQL the right way (prepared statements)

Mike Dalisay has written an excellent tutorial on the CORRECT USAGE of basic CRUD functions (create, read, update, delete) with

set up a local virtual machine for development with vagrant and puphpet / puppet (and ubuntu, linux, php, apache, mysql)

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Another game-changing project: Victor Berchet‘s HHVM Vagrant box is a simple Ubuntu 12.04 LTS Vagrant-box that comes with preinstalled HHVM/HipHop

How Instagram.com works

This article was written quite a while ago (8 years), please keep this in mind when using the information written

php-legacy-code

Interesting talk on modernizing a legacy PHP codebase

Bringing oldschool PHP applications into 2014 is a big thing, especially when your app is valueable for your client. Paul

The architecture of StackOverflow

One of the most interesting talks these weeks, and a rare insight into one of the most active pages on

phpstorm-github-code-color-syntax-theme

Get Github’s code colors in PHPStorm (2014 style)

I really love the colors on GitHub’s code previews but couldn’t find any themes that copy that in a beautiful

The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)

This article was written quite a while ago (8 years), please keep this in mind when using the information written

1/4

Categories

Search

O’Reilly’s Programming JavaScript Applications by Eric Elliott for free (Early Access release)
MINI, an extremely simple barebone PHP application
phpstorm-8
Ignore .idea folder from git in PHPStorm
Google I/O 2014 – HTTPS Everywhere (video)
offf-2014
Europeans: Get ready for OFFF conference / festival in Barcelona, May 2014
october cms
[Link] How To Install October CMS on a VPS running Ubuntu 14.04
php
How to prevent PHP sessions being shared between different apache vhosts / different applications
ubuntu-14-04-lts lamp
How to install/setup a basic LAMP stack (Linux, Apache, MySQL, PHP) on Ubuntu 12.04 or Debian 7.0/7.1
organizing css
Jonathan Snook – CSS is a Mess – How to organize CSS in big projects (54min video talk)
This picture shows the icon of blindness
How blind people use websites (video with Sina Bahram, blind accessibility researcher)
DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)
bash-command-line-tutorial
Best introduction to unix command line / bash ever (by André Augusto Costa Santos)
php-legacy-code
Interesting talk on modernizing a legacy PHP codebase
phpstorm-github-code-color-syntax-theme
Get Github’s syntax highlighting colors in PHPStorm
php
Awesome list of Design Patterns with PHP code examples

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy
 
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT