If 2020 was the year of viruses and contamination for humans, 2021 seems to be the one for computers. Each week brings its share of malware, hacking and attack news.
Today, let's talk about PHP, one of the most common languages used in web development, which was the latest target of hackers.
Indeed, hackers succeeded in getting into the official PHP Git repository and added a backdoor to the source code.
They tried to use well-known names, those of Rasmus Lerdorf and Nikita Popov (respectively the co-founder of PHP and a regular contributor), to push their modifications without being noticed.
Fortunately, that was without reckoning with the community responsible for the language's evolution and implementation, which is very reactive and quickly found the 2 commits made on the master branch.
If deployed, these would have allowed any user to carry out SQL injection and so compromise a large number of websites.
An official message was recently released by Nikita Popov, saying the community will review the code for any other corrupted files and that the project will migrate from PHP's official Git to GitHub.
Original message available at php.net