php
PHP Git server compromise attempts source code backdoor
Attackers compromised the self-hosted `git.php.net` server and pushed two malicious commits directly to the `main` branch of the php-src repository. The commits, disguised as typo fixes, attempted to insert a backdoor enabling remote code execution. They were detected quickly and did not affect any released version. PHP migrated to GitHub afterwards.
- Date
- 2021-03-28
- Category
- Open Source
- Target Surface
- Revision control
- Insertion Phase
- source
- Impact
- Benign
- Cause
- Compromised Infrastructure
What Was Affected
Package
php
Language
C
Component
Library
Artifact type
revision control system
Domain type
code host
Domain
git.php.net
Repository
github.com/php/php-src
Incident Context
- Motive
- Espionage/Strategic Advantage
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Commits
External References
Source Data
Source record: oss/php/2021/meta.yaml