PHP Git Server Cyberattack: What Should You Know?
“Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo  from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” said software developer Nikita Popov in his description of the attack.
The investigation of the cybersecurity attack is still taking place. However, the developers decided that maintaining their own git infrastructure “is an unnecessary security risk.” Thus, they decided to discontinue the git.php.net server.
“Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that changes should be pushed directly to GitHub rather than to git.php.net,” Popov explained.
In other words, from now on, software developers will have to be part of PHP’s GitHub organization. Developers that aren’t part of the organization or don’t have access to a specific repository, should get in touch with Popov.
Did you know?
Nearly 80% of all websites run on PHP. More particularly, “PHP is used by 78.9% of all the websites whose server-side programming language we know”, according to W3Techs statistics. This means that any vulnerabilities in PHP could affect a large number of web applications that utilize the language, including websites that run on content management systems such as WordPress and Drupal.