In another attack instance in the software supply chain, someone hacked into the official PHP programming language Git server and sent unauthorized updates to insert a secret backdoor in its source code

Both malicious commits were pushed to the self-hosted repository “php-src” hosted on the gitphpnet server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, et de Nikita Popov, software developer at Jetbrains

“We don't know exactly how it went yet, but everything indicates a compromise of the net gitphpserver (rather than the compromise of an individual git account) “, Popov said in an ad

Modifications, which have been validated as “Correction de typo” in an attempt to go unnoticed as a typographical correction, involved provisions for the arbitrary execution of arbitrary PHP code. “This line executes the PHP code from the useragent HTTP header, if the string begins with ‘zerodium '”, said PHP developer Jake Birchall.

In addition to canceling the changes, PHP maintainers would examine repositories for any corruption beyond the two aforementioned commits It is not immediately clear whether the corrupted codebase was uploaded and distributed by other parties before the changes were detected and rolled back.

Following the incident, the team behind PHP is making a number of changes, including migration from source code repository to GitHub, with changes to be pushed directly on GitHub rather than on gitphpnet in the future., contributing to the PHP project will now require adding developers as part of the organization on GitHub

The development comes nearly two months after researchers demonstrated a new supply chain attack called “dependency confusion”, designed to execute unauthorized code in a target's internal software creation system.

We have contacted PHP officials regarding the incident and will update the story if we have any news.

Sign up for the cybersecurity newsletter and receive the latest news direct to your inbox daily

PHP, Git, code source, backdoor

News – United States – PHP Git server hacked to insert secret backdoor in its source code
Associated title :
PHP& # 39; s Git Server hacked to insert a secret backdoor into its source code
PHP& # Server Git server hacked to add backdoors to PHP source code


Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here