Hackers Add a Backdoor to PHP Source Code; 79% of Websites Use PHP

According to the Bleeping Computer new service, PHP’s Git server was hacked via a backdoor to the PHP source code.

PHP is a general-purpose scripting language especially suited to web development. Typically a server-side programming language, PHP powers many sites on the internet including big players like Wikipedia and Facebook.

In this latest attack the official PHP Git repository was hit and the code base was tampered with.

Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf  and Nikita Popov.

In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.

The incident is alarming considering PHP remains the server-side programming language to power over 79% of the websites on the Internet.

As a precaution following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub.

“While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server.”

“Instead, the repositories on GitHub, which were previously only mirrors, will become canonical,” announced Popov.

With this change going forward Popov insists that any code changes be pushed directly to GitHub rather than the git.php.net server from this point on.

via Bleeping Computer

Source: [1] https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/