October 25, 2013
Chris
JavaScript, PHP

PHP.net hacked, but most things are fine again


Between 22nd and 24th October 2013, php.net served JavaScript malware (built to exploit security holes in the usually insecure Flash player) to its visitors, but PHP downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the attacker’s full JS code at the end of the article; this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessible for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

 

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

 

This article was written quite a while ago (10 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

1 Comment

  • Tanmay
    April 11, 2015 10:29 pm

    Wow!
