⬆️ ⬇️

php.net is compromised

A few hours ago, it became known that the well-known website for PHP developers - php.net was compromised by malicious content (JavaScript) and delivers malware to users through a set of exploits.



We are continuing to work through the php.net malware today. As part of this, the php.net has been compromised: the server which hosted the www.php.net , static.php.net and git.php .net domains, it was suspected based on the JavaScript malware, and the server hosting bugs.php.net . The method by which these servers were compromised is unknown at this time.


A further update on php.net





')

One of our research tools flagged php.net as distributing malware. It appears that it has been the site of the javascript.


Barracuda labs



A statement from php.net says that the website got on Google’s “dark list” and was recorded as suspicious by the safe browsing service , after which the administrators began investigating the compromise case.



Malicious software that was installed by users:



VT sample1

VT sample2

VT sample3

VT sample4

VT sample5

Source: https://habr.com/ru/post/199000/



All Articles