In Git repository of PHP project, malicious changes are revealed

Project developers PHP warned About compromising the Git repository of the project and discovery of two malicious commits added on March 28 In the PHP-SRC repository on behalf of Lerdorf Rasmus, Founder PHP, and Nikita Popova, one of the key developers PHP.

Since there is no confidence in the reliability of the server, on which the Git repository was placed, the developers decided that maintaining the Git infrastructure forces creates additional security risks and moved the reference repository to the GitHub platform, which is proposed to be used as primary. All changes from now on should be sent to GitHub, and not on Git.php.NET, including when developing, you can now use the Github web-interface.

in first malicious commite Under the guise of correcting typos in the EXT / ZLIB / zlib.c file Change that runs the PHP code transmitted to the User Agent http header if the content begins with the word “zerodium”. After the developers noticed a malicious change and canceled it, in the repository appeared The second commit , which canceled the action of the PHP developers In returned a malicious change.

Currently, there is no detailed information about the incident, it is assumed only that the changes were added as a result of hacking the Git.php.NET server, and not compromising individual developer accounts. An analysis of the repository has begun for other malicious changes in addition to identified problems. Everyone will be invited to review, when discussed suspicious changes, send information to the [email protected].

As for the transition to GitHub, then to gain access to a new repository to developing participants should be included in the organization PHP. Those who are not included in the number of PHP developers on GitHub should be contacted Nikita Popov by email [email protected]. To add a mandatory requirement is the inclusion of two-factor authentication.

/Media reports.