Between 22nd and 24th October 2013 php.net served JavaScript malware (that was built to use security holes in the usually insecure Flash player) to users, but php downloads / source tarballs are not affected. As stated by php.net, everything is fine again. I’ve put a link to the full attacker’s JS code at the end of the article, this might be interesting for JS guys. This will hopefully lead to a rethinking of how php.net handles its server mirroring. Update: Parts of the site which use SSL are not accessable for a short time. Update: All passwords for the site have been reset. Update: The PHP git repo is now read-only. More here: http://php.net/archive/2013.php#id2013-10-24-1 http://barracudalabs.com/2013/10/php-net-compromise/ The full code of the attacking malware JavaScript (very interesting read!) can be found here: http://pastebin.com/XD0KyLxu