Hackers tried to plant a backdoor into PHP


 

Unidentified hackers have attempted to implant malicious code in PHP, the programming language used on an estimated 79 per cent of websites. The developers who maintain PHP said the attackers had compromised the PHP server and made two commitments or attempted to make changes to the language's source code. The commitments are presented under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.


Popov wrote in a statement, We don't know how exactly this happened yet, but everything points to a git.php.net hack rather than a single git account hack.


While the investigation was still ongoing, the developers decided that maintaining their standalone Git infrastructure was an unnecessary security risk and that they had shut down the git.php.net server.


Popov said, PHP is moving its code repositories to GitHub, which is an open source platform for software developers.


This is just one example of the supply chain vulnerabilities inherent in the backbone of popular websites. Developers who preserve the code discovered the malicious code before it was presented to the public via websites. Had the malicious code been spread, the attackers could have tampered with many websites. The back door would make the sites completely hijacked and allow visitors to execute the code of their choice without permission.


PHP was integrated into 79 per cent of the websites surveyed by the W3Tech advisory, including Facebook and Zoom. PHP vulnerabilities tend to be exposed through an urgent call to users to update their software due to the widespread use of the programming language. The incident underscores why software development parks are attractive targets for supply chain penetration, as users trust code delivered from legitimate sources.


GitHub, which has tens of millions of users, struggled with code-tampering last year. Hackers were able to use GitHub to spread malicious code across 26 different software projects within the platform before the investigators removed the malware.

0 views0 comments

Recent Posts

See All