PHP Maintainers Release Post-Mortem Report After Backdoor Placed in Git Repository

By George T. Sprague
April 7, 2021

More details published on the incident, although the attacker remains unidentified

PHP officials released a post-mortem report after an unknown actor pushed backdoor code to the official Git repository of the PHP scripting language.

As previously stated by The daily sip, an attacker made two commits in the php-src repo which contained a backdoor allowing remote code execution (RCE).

They are believed to have gained access to the core server, which allowed them to slip the backdoor in under the guise of a minor change made on behalf of a maintainer.

Last night (April 6), manager Nikita Popov released more details about the attack and said the team no longer believed the git.php.net server was compromised, but that the master.php.net user database had been leaked.

The update includes information on a series of changes made to improve security, including the fact that master.php.net has been migrated to a new system, main.php.net.

All php.net passwords have been reset and users must request a new one through the “forgot password” function.

Popov also revealed that git.php.net and svn.php.net are now read-only “but will remain available for now”.

Deep dive

After first suspecting that PHP co-creator Rasmus Lerdorf’s account had been compromised, Popov investigated PHP’s gitolite installation to determine which account pushed the malicious code.

Popov then realized that there was no entry for the two malicious commits, meaning they completely bypassed the gitolite infrastructure.

“This has been interpreted as probable evidence of a server compromise,” Popov wrote.

The team then shut down the git.php.net server and migrated to GitHub as the repository host.

Popov also found that git.php.net intentionally supported pushing changes not only via SSH but also via HTTPS.

“The latter did not use gitolite, but was instead used behind the Apache2 Digest authentication against the master.php.net user database.”

Popov added, “Based on the access logs, we can determine that validations were successfully transmitted using HTTPS and password authentication.”

Unclear entry point

The team suspects that a database leak gave the attacker access to passwords, although the attacker also repeatedly attempted to guess usernames, with Popov writing that “it is not known why the attacker would need to guess the usernames in this case”.

In light of a possible leak, changes have been made, including the migration of master.php.net to a new system, which runs PHP 8, and the introduction of support for TLS 1.2.

Popov also noted that the implementation has been moved to using parameterized queries, “to be sure that SQL injections cannot occur.”

Passwords are now stored using bcrypt, having previously been stored in a format compatible with HTTP Digest authentication – “essentially a simple md5 hash” – which was required for HTTP authentication on git.php.net and svn.php.net.
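
The two changes described above, parameterized queries and bcrypt in place of the Digest-compatible MD5 format, shown side by side in PHP. This is an added example, not code from the php.net systems or from Popov's report; the table layout, function names, realm and account values are assumptions constructed for illustration, and it assumes the PDO SQLite driver is available.

```php
<?php
declare(strict_types=1);

// Legacy format: the HA1 value HTTP Digest needs, md5("user:realm:password").
// No random salt, and a single fast MD5 call per password guess.
function digest_ha1(string $user, string $realm, string $password): string
{
    return md5("$user:$realm:$password");
}

// Replacement format: bcrypt with a random per-hash salt and a work factor.
function bcrypt_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
}

// All user-supplied values reach the database as bound parameters only.
function store_user(PDO $db, string $user, string $hash): void
{
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $user, ':h' => $hash]);
}

function check_login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// Hypothetical schema in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

$realm = 'example realm';          // constructed value
$pw    = 'correct horse battery';  // constructed value

// Identical inputs always give the identical legacy hash.
var_dump(digest_ha1('alice', $realm, $pw) === digest_ha1('alice', $realm, $pw));

// Two bcrypt hashes of one password differ (random salt), yet both verify.
store_user($db, 'alice', bcrypt_hash($pw));
var_dump(bcrypt_hash($pw) === bcrypt_hash($pw));
var_dump(check_login($db, 'alice', $pw));

// A quote in the username stays data in the bound parameter, not SQL.
var_dump(check_login($db, "alice' OR '1'='1", $pw));
```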

More details on the changes can be found in Popov’s notice.
