Php.net resource restored

    Not later than yesterday I witnessed an unpleasant event, namely, the lack of access to php.net . What was soon written in the post http://habrahabr.ru/post/198816/ .
    Today access to the resource from Chrome and Firefox has been restored.

    As far as I understand from the message on php.net dated 10/24/13, the problem lay in the operation of the userprefs.js file, which received content with the wrong size, corrected it, and returned it in a couple of minutes. Google ran into one such change that looked from the outside as something immoral, and from sin on it shot the administrator’s head and banned the site.

    A little later, the administration unsubscribed that they still continue to work on the consequences of the failure. The team checked each server responsible for php.net and still found a couple of infected ones. Currently, three affected servers have been identified: www.php.net , static.php.net, git.php.net. It is noted that the hacking method is still unclear.

    Currently, all vulnerable services have been migrated from these servers. The team checked the "cleanliness" of the Git repository. At the time of the evening, 10/24/13, the resource was receiving new SSL (the old one was revoked, since theoretically attackers could gain access to it).

    The report noted that the percentage of users who were attacked is small (although a specific figure has not been published). The attack itself took place from October 22-24.

    As a preventative measure, all svn.php.net and git.php.net users will be reset passwords.

    Also popular now: