PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

This article was written quite a while ago (9 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

1 Comment

Tanmay

April 11, 2015 10:29 pm

Wow!

Reply

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

PHP.net hacked, but most things are fine again

Random articles

1 Comment

Leave A Comment Cancel reply

Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)

Interesting talk on modernizing a legacy PHP codebase

The SSL Heartbleed bug explained in 30 seconds

Two excellent introductions into AngularJS by Todd Motto

Frontend Ops Conf 2014 – Rebooting Flickr On A Node.js Stack, One Page At A Time (from PHP) by Bertrand Fan

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

Vote for “Hack” for HipHop/HHMV support (future style PHP) in PHPStorm 8

Joshua Davis – my hero of Flash – in two excellent interviews (audio, video)

How to setup and use XDEBUG with PHPStorm 6/7 (locally in Windows 7/8 and Mac OS X)

How to center a div vertically and horizontally (modern methods, without fixed size!)

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

A short & simple Composer tutorial

Increase your HTML / CSS coding speed with EMMET

This is an experimental advertisement

How to enable mod_rewrite in Ubuntu 14.04 LTS

SASSmeister is a real-time JSfiddle for SASS / CSS. Awesome!

Nice gifts for devs: Nerdy playing-cards decks

Awesome list of Design Patterns with PHP code examples

How to copy Vagrant boxes (or duplicate them)

How to install Composer on Windows 7 / 8 or Ubuntu

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Redesigning Windows 8 – fantastic and clever drafts by Jay Machalani

Going node.js at Netflix (Slides by Micah R of Netflix)

Slides & talks from PHP UK Conference 2014

Get visitor stats for your GitHub repo with BitDeli