    PHP Internal Git Server Hacked, Backdoor Inserted into Source

    • JLX89 (last edited by girish)

      Looks like the current trend of supply chain attacks has hit PHP.

      Link to Announcement

      • girish (Staff)

        Looks like they will switch over to GitHub as main repo instead of their current https://git.php.net/ because of the security incident.

        • imc67 (replying to @girish)

          @girish interesting analysis:

          https://www.wordfence.com/blog/2021/03/php-compromised-what-wordpress-users-need-to-know/

          • murgero (App Dev)

            The backdoor was removed before it was compiled into a binary for admins to download, so there is no issue for anyone running PHP. However, this does prove to be an issue in regard to PHP's safety. They have moved to GitHub (as @girish mentions in his reply) and will be more closely monitoring pushes and merges into the code base.

            PHP's own Nikita Popov: "The changes were on the development branch for PHP 8.1, which is due to release at the end of the year", which means the code has not been distributed. It's a big deal, but not as big as everyone is making it out to be.

            Hopefully this does NOT happen again.
