PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

php.net security notice

Note: This article was originally published at Planet PHP on 19 April 9200.
Planet PHP
The wiki.php.net box was compromised and the attackers were able to collect wiki account credentials. No other machines in the php.net infrastructure appear to have been affected. Our biggest concern is, of course, the integrity of our source code. We did an extensive code audit and looked at every commit since 5.3.5 to make sure that no stolen accounts were used to inject anything malicious. Nothing was found. The compromised machine has been wiped and we are forcing a password change for all svn accounts.We are still investigating the details of the attack which combined a vulnerability in the Wiki software with a Linux root exploit.