PHP code repository hacked: very loud alarm for the language used by nearly 80% of all websites

 

On Sunday, March 28th, hackers gained access to Git's internal repository for the PHP programming language and were able to add a backdoor to its source code. We are talking about the language most used across the web, which is estimated to be in use by 79.1% of all websites.



As indicated in the PHP mailing lists, the attack introduced two malicious changes to the php-src repository, and although the cause is still unknown and an investigation is underway, everything indicates that the official git.php.net server has been hacked.


This hack was first discovered by Michael Voíšek, a software engineer from the Czech Republic. If this malicious code had reached a stage, it could allow hackers to run their own malicious PHP commands on victims' servers.



Zerodium is a popular cybersecurity platform that specializes in the acquisition and sale of zero-day vulnerabilities. Zerodium has already stated that it has nothing to do with this hack, so it is believed that whoever hacked the code wasn't seeking to be something cryptic, but its intentions are unknown.


 With the research going on and a more comprehensive review of the PHP source code, and avoiding the security risk, it was decided to shut down the git.php.net server.


Although the incident was resolved quickly, in practice it would have affected a small portion of the systems that use PHP servers, since it is typical that most of them take a long time to update to the latest version.


Reports: An organized hacking campaign targeting WhatsApp users

Xiaomi unveils the expected price for its highly anticipated smart electric car