Cyber hackers manipulated the PHP project's Git server by inserting a backdoor into the source code. After rapid detection, the team migrated the code to Github to reinforce security. The attack revealed vulnerabilities in the Git infrastructure used by the PHP community.
Cyber hackers have successfully manipulated the PHP project's Git server, inserting a backdoor into the source code of the famous programming language. This attack would have made servers using this altered version of PHP vulnerable to external attacks.
The attack targeted the PHP community's Git server, a platform where developers collaborate to improve the language. According to specialist site Bleeping Computer, the hackers managed to submit a code modification, or “commit”, under the name of PHP inventor Rasmus Lerdorf. The commit's commentary mentioned an “insignificant typographical correction”, thus masking the attackers' true intention.
Fortunately, the attack was quickly detected. It took a PHP developer a few hours to spot and undo the malicious change. It appears that the attackers did not use a hacked user account, but exploited vulnerabilities in the targeted Git server.
In response to this threat, the PHP development team took the decision to migrate the language's source code to Github, abandoning the use of the git.php.net server. This was seen as a necessary measure to avoid further security risks linked to their own Git infrastructure.
Source : ICTjournal
