Backdoor quickly spotted and reverted
The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached and malicious code was added to it. The repository is now being moved to GitHub as a precaution.
“Yesterday (2021-03-28) two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account),” said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains.
The malicious code is a backdoor into servers running the modified version. “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’,” explained PHP developer Jake Birchall.
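As an added example (not code from the PHP project or from this article), here is one way a defender could search request logs for the trigger Birchall describes. It assumes a reverse proxy that logs every request header as JSON lines; the log format, field names and sample records are constructed for illustration.

```python
import json

MARKER = "zerodium"  # trigger prefix named in the article

# Constructed sample: one JSON object per request (assumed proxy log format).
# Addresses are documentation ranges; header values are placeholders.
SAMPLE_LOG = """\
{"src": "192.0.2.10", "path": "/", "headers": {"User-Agent": "Mozilla/5.0"}}
{"src": "198.51.100.7", "path": "/index.php", "headers": {"User-Agent": "zerodiumPLACEHOLDER"}}
{"src": "198.51.100.7", "path": "/index.php", "headers": {"User-Agentt": "  ZerodiumPLACEHOLDER"}}
{"src": "192.0.2.44", "path": "/a", "headers": {"User-Agent": "bot mentioning zerodium"}}
not json at all
{"src": "192.0.2.50", "path": "/b"}
"""


def suspicious_headers(headers):
    """Return (name, value) pairs whose value starts with MARKER.

    Assumption of this example: header names are matched loosely (anything
    beginning with "user-agent", any case, "_" treated as "-") so that
    misspelled or re-cased variants are flagged too.
    """
    hits = []
    for name, value in headers.items():
        norm = str(name).lower().replace("_", "-")
        starts = str(value).lstrip().lower().startswith(MARKER)
        if norm.startswith("user-agent") and starts:
            hits.append((name, value))
    return hits


def scan(log_text):
    """Scan JSON-lines logs; return (alerts, line numbers that failed to parse)."""
    alerts, bad = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            hits = suspicious_headers(rec.get("headers") or {})
        except (ValueError, AttributeError):
            bad.append(lineno)  # keep for manual review, never drop silently
            continue
        for name, _ in hits:
            alerts.append({"line": lineno, "src": rec.get("src"),
                           "path": rec.get("path"), "header": name})
    return alerts, bad


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit only shows that a request carried the trigger string. Whether a server was actually running the modified build has to be established separately.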