Security News > 2021 > March > Attackers tried to insert backdoor into PHP source code
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers.
Php.net server," developer Nikita Popov explained in a message sent out through one of the project's mailing lists.
Had they succeeded, the attackers would have been able to use the backdoor to execute malicious PHP code on targeted servers.
The PHP development team is still investigating and reviewing the repositories for any corruption beyond those two commits but, in the meantime, they also decided to stop using their own git infrastructure and make the GitHub repositories canonical.
Php.net server has been compromised, but that it is possible that the master.
Some things about the incident are still unclear but, in the meantime, the PHP team has reset all php.net passwords and is asking users to set a new one for their account.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/y0_8WGJflWg/