Lagos, Nigeria

PHP programming language source code targeted in backdoor attack

Malicious commits were made to the php-src repo on Sunday that could have enabled hackers to perform remote code execution on websites running the hijacked code.


The PHP code repo has been moved to GitHub as a precaution

The main Git repository for the PHP programming language has been moved to GitHub after hackers tried to insert a backdoor into the source code.

Two malicious commits were pushed to the Git code repo on Sunday, March 28, and signed off under the names of PHP creator Rasmus Lerdorf and maintainer Nikita Popov.

The original code was restored after the issue was discovered, but was then tampered with a second time.

The breach would have created a backdoor in any websites that ran the compromised version of PHP, enabling hackers to perform remote code execution on the site.

Remote code execution enables a malicious actor to exploit vulnerabilities in a system or network via the internet, essentially allowing them to hijack the system in question.  


Popov, who works for the PHP development team at JetBrains, said the PHP code base would be moved to GitHub while investigations were still underway into how the breach occurred.

“They were spotted and rectified by Popov, only for bad actors to reinsert the malicious code a few hours later,” said Popov.

“While [an] investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the server. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical.

“This means that changes should be pushed directly to GitHub rather than to”


While the malicious code was spotted before any harm was done, the consequences of a successful attack are worrying when you consider that PHP underpins much of the modern internet.

According to statistics site W3Techs, almost 80% of websites on the internet are written in PHP. The latest TIOBE index ranks the programming language as the 8th most popular globally.

Going forward, developers who require write access to the PHP code base will need to be part of the PHP organization on GitHub, which also requires two-factor authentication to be enabled, said Popov.

“This change also means that it is now possible to merge pull requests directly from the GitHub web interface,” Popov added.

“We’re reviewing the repositories for any corruption beyond the two referenced commits. Please contact if you notice anything.”


This post was written by and was first posted to TechRepublic
