Cloudron Forum

PHP Internal Git Server Hacked, Backdoor Inserted into Source

      JLX89
      wrote on last edited by girish
      #1

      Looks like the current trend of supply chain attacks has hit PHP.

      Link to Announcement

        girish
        Staff
        wrote on last edited by
        #2

        Looks like they will switch over to GitHub as main repo instead of their current https://git.php.net/ because of the security incident.

          imc67
          translator
          wrote on last edited by
          #3

          @girish interesting analysis:

          https://www.wordfence.com/blog/2021/03/php-compromised-what-wordpress-users-need-to-know/

            murgero
            App Dev
            wrote on last edited by
            #4

            The backdoor was removed before it was compiled into a binary for admins to download, so there is no issue for anyone running PHP. However, this does prove to be an issue in regards to PHP's safety - they have moved to GitHub (as @girish mentions in his reply) and will be more closely monitoring pushes and merges into the code base.

            PHP's own Nikita Popov: "The changes were on the development branch for PHP 8.1, which is due to release at the end of the year", which means the code has not been distributed. It's a big deal but not as big as everyone is making it out to be.

            Hopefully this does NOT happen again.

            --
            https://urgero.org
            ~ Professional Nerd. Freelance Programmer. ~
