PHP repository moved to GitHub after malicious code inserted under creator Rasmus Lerdorf's name
2021-03-29 11:46

The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached to add malicious code and is now being moved to GitHub as a precaution.

"Yesterday two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server," said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains.

"This line executes PHP code from within the useragent HTTP header, if the string starts with 'zerodium'," explained PHP developer Jake Birchall.

The code was inserted under the misleading name "Fix typo" and claimed to be signed off by Rasmus Lerdorf, the creator of PHP. The attribution is "Just part of the commit message," said Popov in a discussion on StackOverflow.

Write access to PHP repositories will now require membership of the PHP organisation as well as enabling two-factor authentication for GitHub.

The successful breach of the main PHP repository is a matter of great concern and raises the question of how well other open-source repositories are protected, though the speed at which the PHP community noticed the problem is reassuring.
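
Popov's point about the sign-off, shown as an added example that is not part of the original article: in a raw commit object the author, committer and Signed-off-by lines are plain text chosen by whoever creates the commit, and only a `gpgsig` header, which must still be checked with `git verify-commit`, ties the commit to a key. The commit objects, names, addresses and hashes below are constructed placeholders, and `parse_commit` and `audit` are hypothetical helper names.

```python
import re

# Constructed commit objects in the layout printed by `git cat-file -p <commit>`.
# Hashes, names and addresses are placeholders, not values from the incident.
UNSIGNED = """\
tree 0000000000000000000000000000000000000000
author Project Founder <founder@example.invalid> 1616900000 +0000
committer Project Founder <founder@example.invalid> 1616900000 +0000

Fix typo

Signed-off-by: Project Founder <founder@example.invalid>
"""

SIGNED = """\
tree 0000000000000000000000000000000000000000
author Core Dev <dev@example.invalid> 1616900000 +0000
committer Core Dev <dev@example.invalid> 1616900000 +0000
gpgsig -----BEGIN PGP SIGNATURE-----
 (constructed placeholder, not a real signature)
 -----END PGP SIGNATURE-----

Fix typo

Signed-off-by: Core Dev <dev@example.invalid>
"""

def parse_commit(raw):
    """Split a raw commit object into header fields and the free-text message."""
    head, _, message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:   # continuation of a multi-line header
            headers[key] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers[key] = value
    return headers, message

def audit(raw):
    """Report identity claims and whether any signature header backs them."""
    headers, message = parse_commit(raw)
    return {
        "subject": message.split("\n", 1)[0],
        # Drop the trailing timestamp and timezone from the author header.
        "author": headers.get("author", "").rsplit(" ", 2)[0],
        # Sign-off trailers live in the message body: unauthenticated text.
        "signoffs": re.findall(r"^Signed-off-by:\s*(.+)$", message, re.MULTILINE),
        # Presence only; validity still needs `git verify-commit`.
        "has_signature": "gpgsig" in headers,
    }
```

A commit whose `signoffs` list is non-empty while `has_signature` is false carries an identity claim that nothing in the object authenticates.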


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/29/php_repository_infected/
