Home > Cyber News > PHP Git Server Hit in a Cyberattack

PHP Git Server Hit in a Cyberattack

The official PHP Git server was recently compromised in a software supply chain attack. The attackers pushed unauthorized updates to implant a backdoor in the server’s source code.

PHP Git Server Cyberattack: What Should You Know?

“Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo [1] from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” said software developer Nikita Popov in his description of the attack.

The investigation of the cybersecurity attack is still taking place. However, the developers decided that maintaining their own git infrastructure “is an unnecessary security risk.” Thus, they decided to discontinue the git.php.net server.

“Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that changes should be pushed directly to GitHub rather than to git.php.net,” Popov explained.

In other words, from now on, software developers will have to be part of PHP’s GitHub organization. Developers that aren’t part of the organization or don’t have access to a specific repository, should get in touch with Popov.

Did you know?
Nearly 80% of all websites run on PHP. More particularly, “PHP is used by 78.9% of all the websites whose server-side programming language we know”, according to W3Techs statistics. This means that any vulnerabilities in PHP could affect a large number of web applications that utilize the language, including websites that run on content management systems such as WordPress and Drupal.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree