Someone Hacked PHP PEAR Site and Replaced the Official Package Manager

[LASER_oneXM]

Content source

https://thehackernews.com/2019/01/php-pear-hacked.html

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised.

Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file system.

Though the PEAR developers are still in the process of analyzing the malicious package, a security announcement published on January 19, 2019, confirmed that the allegedly hacked website had been serving the installation file contaminated with the malicious code to download for at least half a year.

Since the PEAR officials have just put out a warning notification and not released any details about the security incident, it is still unclear that who is behind the attack.

The developers tweeted that they will publish a "more detailed announcement" on the PEAR Blog once it's back online.

All PHP/PEAR users who have downloaded the installation file go-pear.phar from the official website in the past six months should consider themselves compromised and quickly download and install the Github version.

 

[upnorth]

There site is officially closed.

Spoiler

 

[Local Host]

This is why I don't trust anyone, the websites themselves get hacked due to lack of safe habits, security or pure laziness. Then our accounts get leaked online, even though our machine was secure the whole time.

This types of attacks are becoming more often every day, but companies are still ignorant.