PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code


Level 27
Jun 14, 2011
In yet another instance of a software supply chain attack, someone hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code.

The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at Jetbrains.

The changes are said to have been made yesterday on March 28.

"We don't yet know how exactly this happened, but everything points towards a compromise of the server (rather than a compromise of an individual git account," Popov said in an announcement.