PHP.net hacked, but most things are fine again

Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected.

As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring.

Update: Parts of the site which use SSL are not accessable for a short time.

Update: All passwords for the site have been reset.

Update: The PHP git repo is now read-only.

More here:
http://php.net/archive/2013.php#id2013-10-24-1
http://barracudalabs.com/2013/10/php-net-compromise/

The full code of the attacking malware JavaScript (very interesting read!) can be found here:
http://pastebin.com/XD0KyLxu

PHP.net hacked, but most things are fine again

Quick fix for 404 error in WordPress category / tag page

JavaScript Testing Tactics (21min video by Justin Searls)

Need motivation ? Check out these 2 awesome “FORBES 30 under 30” lists (web, UI, games)

Which PHP-framework to learn in 2014 ? PHALCON, by far the fastest ever!

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Test GZIP compression of your server easily

Get Github’s syntax highlighting colors in PHPStorm

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

A list of downloadable Vagrant boxes (CentOS 5.9 / 6.4, Ubuntu 12 / 13, Debian 6 / 7 / 7.1 / 7.2)

How Snapchat wants to earn money (by establishing vertical videos)

Extremely simple deployment with PHPloy

New features in SASS 3.3 (a talk by SASS-creator Chris Eppstein)

Support FLARUM, the future of PHP forum scripts (with some dollars on Kickstarter)

PHP Caching Best Practices by Eli White (video from PHP UK Conference 2014)

Joshua Davis – my hero of Flash – in two excellent interviews (audio, video)

GitHub introduces revert button / rollback for merged pull requests

Microsoft announces “holographic” 3D interfaces (promo video)

How to install/setup a basic LAMP stack (Linux, Apache, MySQL, PHP) on Ubuntu 14.04 LTS

Frontend Ops Conf 2014 – Rebooting Flickr On A Node.js Stack, One Page At A Time (from PHP) by Bertrand Fan

First view: Ubuntu 14.04 LTS brings PHP 5.5 and Apache 2.4

Facebook releases HipHop (HHVM) 3.0, adds mysqli and support for Hack language

Why Modern PHP is Awesome And How You Can Use It Today (Slides by Matt Stauffer)

How major web companies (and banks) handle passwords quite wrong

[Link] Making a website vertically responsive