The PHP group states that PHP Group will change the Password for an account on php.net, after the attackers attack the programming language decide to change the site’s SSL certificate, as two servers and stick the malicious code in the website.
On Tuesday security breach has confirmed that the Google safe browsing service has blacklisted the site for scattering malware, which stimulated the Mozilla Firefox and Google chrome to block the users from visit it.
The PHP group investigated, which is still in progress, disclosed that the compromise extended to two servers: the server that hosted http://www.php.net, static.php.net and git.php.net and bugs.php.net, the project’s bug tracking system.
There is no prove that the PHP distribution packages or the Git source used for source code management have been conceded.
The PHP group claimed that “We have checked our Git repository was not negotiated and it remains in read mode only as services are carried in the full backup.”
The technique used by the attackers to compromise the two servers and stick the rogue code into userprefs.js has yet to be checked out. The PHP Group said. Php.net operators who contribute to various project like svn.php.net or git.php.net is having their password reset.
The visitors who had visited between the oct.22 and Oct. 24 on php.net should scan their computers for malware.