The team behind popular web programing site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits.
Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were compromised. The infected machine have been withdrawn from service, with their workloads migrated to new, more secure servers.
In a statement about the breach, the PHP.net team reassured developers that neither the source tarball downloads nor the Git repository were modified or compromised.
The possibility of code depositories being tainted is the worst possible outcome of this kind of breach, so it comes as a relief that nothing that might lead to the distribution of backdoor code has resulted as a consequence of the hack.
SOURCE: theregister.co.uk
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.