PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

PHP.net hacked, but most things are fine again

Hochlastseiten mit PHP, MySQL und Apache am Beispiel stern.de (deutscher Artikel)

Preview-release of (my) “php-mvc” project (a simple php mvc barebone)

PHP’s HipHop outperforms PHP 5.5 with Zend OPCache and Nginx by 15-20 times

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

DigitalOcean VPS coupon codes for december 2013 and early 2014

Which PHP-framework to learn in 2014 ? PHALCON, by far the fastest ever!

[Link] How To Install October CMS on a VPS running Ubuntu 14.04

Best introduction to unix command line / bash ever (by André Augusto Costa Santos)

Frontend Ops Conf 2014 – Rebooting Flickr On A Node.js Stack, One Page At A Time (from PHP) by Bertrand Fan

First look on Gitter, the chat for GitHub

PHP 5.6.0 RC1 is available

Profiling PHP Applications by Bastian Hofmann (video from PHP UK Conference 2014)

Slides from International PHP Conference 2014

The architecture of StackOverflow

Creators of Laravel launch one-click-installations of Laravel (including nginx, PHP 5.5 etc.)

PHP 5.7 gets refactored core, is 10%-30% faster than PHP 5.5! Wow!

Is there a JSFiddle for PHP ? Yes !

How to show the available version of a package (before doing apt-get install)

This is an experimental advertisement

O’Reilly’s Learning JavaScript Design Patterns by Addy Osmani for free

How to install PHP curl extension (in 5 seconds)

Composer problems ? Try full reset !

Migrating Wikipedia to HHVM (@Scale Conference 2014)