Tuesday, March 22, 2011 0 comments
PHP.net Wiki Server Hacked
The php.net team announced that the server of the php.net developer wiki has been hacked by unidentified attackers who stole account credentials. Based on the results of a preliminary investigation, the point of entry was a vulnerability in the DokuWiki software used on the platform. The attackers then managed to obtain root privileges on the device by exploiting a local Linux privilege escalation vulnerability.
The biggest concern following the incident was that stolen developer credentials might have been used to alter the official php source code. Because of this, a code audit which reviewed all commits since version 5.3.5 has been performed. Fortunately, no tampering was detected.
There was a brief period when rumors about a backdoor being injected into the code by a Chinese hacker were circulated.
These were based on a blog post dated March 18, but apparently concerned an incident that occurred in December 2010 when a hacker managed to perform a rogue code commit using PHP developer Hannes Magnusson's credentials.
The modification was not malicious and consisted of only adding a name to a credits file. The commit was promptly detected and reverted at the time.
As precaution, the php.net team completely wiped the compromised wiki server and will force a password change for all repository accounts. Developers should also change their password in other locations where they might have used it.
PHP.net is not the first big open source project to fear code tampering or have one of its infrastructure servers was compromised by hackers.