Hackers compromise official PHP website, infect visitors with malware (updated)

Maintainers of the open-source PHP programming language have locked down the php.net website after discovering two of its servers were hacked to host malicious code designed to surreptitiously install malware on visitors' computers.

The compromise was discovered Thursday morning by Google's safe browsing service, which helps the Chrome, Firefox, and Safari browsers automatically block sites that serve drive-by exploits. Traces of the malicious JavaScript code served to some php.net visitors were captured and posted to Hacker News here and, in the form of a pcap file, to a Barracuda Networks blog post here. The attacks started Tuesday and lasted through Thursday morning, PHP officials wrote in a statement posted late that evening.

Eventually, the site was moved to a new set of servers, PHP officials wrote in an earlier statement. There's no evidence that any of the code they maintain has been altered, they added. Encrypted HTTPS access to php.net websites is temporarily unavailable until a new secure sockets layer certificate is issued and installed. The old certificate was revoked out of concern that the intruders may have accessed the private encryption key. User passwords will be reset in the coming days. At press time, there was no indication of any further compromise.

Read 8 remaining paragraphs | Comments