PHP is the latest victim of a source code attack. The PHP Git repository was hacked and its source code was tampered with. A couple of malicious commits were made to the php-src Git repository.
Reportedly, an RCE backdoor was planted on the PHP Git server. In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.
According to PHP maintainer Nikita Popov, “The first commit was found a couple hours after it was made, as part of routine post-commit code review. The changes were rather obviously malicious and reverted right away.”
The malicious commit was made in the name of PHP creator Rasmus Lerdorf.
According to PHP maintainers, this malicious activity stemmed from the compromised git.php.net server, rather than from the compromise of an individual’s Git account.
PHP official code base migrated to GitHub
As a precaution following this incident, PHP maintainers have decided to migrate the official PHP source code repository to GitHub.
“While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server.”
“Instead, the repositories on GitHub, which were previously only mirrors, will become canonical,” announced Popov.
With this change, Popov insists that any code changes be pushed directly to GitHub rather than to the git.php.net server from this point on.
Those interested in contributing to the PHP project will now need to be added to the PHP organization on GitHub.
Instructions for that are provided in the same security announcement.
Membership in the organization requires two-factor authentication (2FA) to be enabled on your GitHub account.
“We’re reviewing the repositories for any corruption beyond the two referenced commits,” says Popov.