{"id":1756,"date":"2021-04-09T13:04:56","date_gmt":"2021-04-09T13:04:56","guid":{"rendered":"https:\/\/www.hostarmada.com\/blog\/?p=1756"},"modified":"2021-04-09T13:04:58","modified_gmt":"2021-04-09T13:04:58","slug":"hackers-exploit-php-git-repository-add-backdoor","status":"publish","type":"post","link":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/","title":{"rendered":"Hackers exploit the PHP Git repository adding backdoor to PHP&#8217;s source code"},"content":{"rendered":"\n<p>According to the latest online sources, HostArmada can confirm that the official PHP git repository, at http:\/\/git.php.net\/, was the target of two malicious attacks made on <strong>2021-03-28<\/strong>. Hackers pushed the two malicious exploits to the php-src repo from Rasmus Lerdorf and Nikita Popov&#8217;s names. It is unknown how exactly this happened, but everything points towards hackers compromising the git.php.net server <strong>(rather than compromising any individual git account)<\/strong>.<\/p>\n\n\n\n<p>HostArmada continues to be a reliable source of news. After our latest blog post about cybersecurity, we continue the trend of reporting the major news that our clients and other interested parties should keep an eye out for. Please keep reading to find out more about this incident as it develops!<\/p>\n\n\n\n<p><strong>Here are the two referenced commits that we are talking about in this blog post: <\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/github.com\/php\/php-src\/commit\/c730aa26bd52829a49f2ad284b181b7e82a68d7d\"><img decoding=\"async\" width=\"1002\" height=\"459\" src=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1.png\" alt=\"\" class=\"wp-image-1785\" srcset=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1.png 1002w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1-300x137.png 300w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1-768x352.png 768w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1-24x11.png 24w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1-36x16.png 36w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-1-github-1-48x22.png 48w\" sizes=\"(max-width: 1002px) 100vw, 1002px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><a href=\"https:\/\/github.com\/php\/php-src\/commit\/2b0f239b211c7544ebc7a4cd2c977a5b7a11ed8a\"><img decoding=\"async\" width=\"1000\" height=\"609\" src=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1.png\" alt=\"\" class=\"wp-image-1786\" srcset=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1.png 1000w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1-300x183.png 300w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1-768x468.png 768w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1-24x15.png 24w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1-36x22.png 36w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/commit-2-revert-github-1-48x29.png 48w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/a><\/figure>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-right counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #565656;color:#565656\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #565656;color:#565656\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#What_did_the_hackers_do\" >What did the hackers do?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#Repercussions_of_the_attack\" >Repercussions of the attack<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#Have_the_hackers_left_Github_users_unsafe\" >Have the hackers left Github users unsafe?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#In_the_wake_of_the_Microsoft_Exchange_Github_Scandal\" >In the wake of the Microsoft Exchange Github Scandal<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#Closing_Remarks\" >Closing Remarks<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_did_the_hackers_do\"><\/span>What did the hackers do? <span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img decoding=\"async\" width=\"960\" height=\"427\" src=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github.jpg\" alt=\"Hackers exploit GitHub.\" class=\"wp-image-1765\" srcset=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github.jpg 960w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github-300x133.jpg 300w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github-768x342.jpg 768w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github-24x11.jpg 24w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github-36x16.jpg 36w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/cybercrime-news-hackers-exploit-github-48x21.jpg 48w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p>Everything points towards a compromise of the git.php.net server. Hackers pushed the backdoored code on the server under the guise of a very minor and inconspicuous edit. The malicious attackers pushed the two commits to the php-src repo for the popular scripting language. This backdoor would have allowed them to perform remote code execution <strong>(RCE)<\/strong>, PHP maintainers revealed in an official statement. These unknown chaos agents would have used the backdoor for the remote takeover of any website that uses PHP. Maintainers are now reviewing the repositories for any signs of further compromise. <br><br>The security incident can be described as a supply-chain attack. Threat actors will target an open-source project, library, or another component that is relied upon by a large user base. By compromising one core target, it may be possible for malicious code to trickle down to a wide-reaching number of systems.<br><br>A recent example is the SolarWinds fiasco, discussed in our <a href=\"https:\/\/www.hostarmada.com\/blog\/cybersecurity-news-and-trends-hostarmada-report-2021\/\" target=\"_blank\" rel=\"noreferrer noopener\">previous blog post<\/a>, in which the vendor was breached, and hackers planted a malicious update for its Orion software. Once malicious users deployed this malware, tens of thousands of organizations were compromised, including Microsoft, FireEye, and Mimecast.<\/p>\n\n\n\n<p>An investigation is still underway with no confirmed reports pointing to the identity of the attacker.<br><br>The malicious code includes reference to <strong>\u2018Zerodium,\u2019<\/strong> a US company known for buying zero-day exploits. The company has so far denied involvement. In a tweet Zerodium CEO said: <\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>&#8220;Cheers to the troll who put \u2018Zerodium\u2019 in today\u2019s PHP git compromised commits. Obviously, we have nothing to do with this. Likely, the researcher(s) who found this bug\/exploit tried to sell it to many entities, but none wanted to buy this crap, so they burned it for fun.\u201d<\/p><cite>Zerodium CEO Chaouki Bekrar<\/cite><\/blockquote><\/figure>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\"><span class=\"ez-toc-section\" id=\"Repercussions_of_the_attack\"><\/span>Repercussions of the attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"626\" height=\"417\" src=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827.jpg\" alt=\"Hackers exploit GitHub.\" class=\"wp-image-1764\" srcset=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827.jpg 626w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827-300x200.jpg 300w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827-24x16.jpg 24w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827-36x24.jpg 36w, https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/security-analysts-protect-internet-connected-systems-with-shield-cyber-security-data-protection-cyberattacks-concept_335657-1827-48x32.jpg 48w\" sizes=\"(max-width: 626px) 100vw, 626px\" \/><\/figure><\/div>\n\n\n\n<p>While preliminary investigations are still underway, PHP maintainers have decided that maintaining their own git infrastructure is an unnecessary security risk at this time. In the interest of cybersecurity and to prevent other hackers from interfering, they will discontinue the git.php.net server. As of right now and indefinitely. Instead, the repositories on GitHub, which were previously only mirrors, will become canonical. This means that in the future, they should push changes directly to GitHub rather than to git.php.net. <br><br>Previously the write access to repositories handles through their home-grown karma system. You will now need to be part of the PHP organization on GitHub. If you are not part of the organization yet or don&#8217;t have access to a repository you should have access to, contact Nikita Popov at nikic@php.net with your php.net and GitHub account names, as well as the permissions you&#8217;re currently missing. Membership in the organization has to have 2FA turned on. This change also means that it is now possible to merge pull requests directly from the GitHub web interface.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Have_the_hackers_left_Github_users_unsafe\"><\/span>Have the hackers left Github users unsafe? <span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Hackers may indeed have exploited the PHP repository itself. However, PHP maintainers found the backdoor left by the attacker(s) early.  This was way before its malicious code could have reached the latest PHP release. This means that no released versions of PHP included this backdoor. This has prevented what could have been a major disaster for the global online community. According to a Web Technology Surveys study, PHP is thought to underpin almost <strong>80%<\/strong> of all websites. This includes all WordPress sites, which are built on PHP. <br><br>The PHP team is currently reviewing the repositories to ensure that no other modifications were made by the attacker(s), but nothing has been found up to now. HostArmada will continue to monitor the situation further to provide you with updates as it develops further. We are quite eager to hear the results of the investigation!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"In_the_wake_of_the_Microsoft_Exchange_Github_Scandal\"><\/span>In the wake of the Microsoft Exchange Github Scandal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This wasn&#8217;t the only cybersecurity alert that has happened for Github in the recent past. After security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier, GitHub, which is Microsoft-owned, removed the code to the alarm of security researchers worldwide.<br><br>The PoC code, something short of an actual functioning exploit, consisted of a 169-line Python file. It took advantage of <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2021-26855<\/a>, a Microsoft Exchange Server flaw that allows an attacker to bypass authentication and act with administrative privileges. The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021. It&#8217;s part of the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/02\/hafnium-targeting-exchange-servers\/\" target=\"_blank\" rel=\"noreferrer noopener\">&#8220;Hafnium&#8221;<\/a> attack that prompted a US government warning last week, which we&#8217;ve also discussed in our previous blog post. <br><br>Jang posted a <a href=\"https:\/\/testbnull.medium.com\/ph%C3%A2n-t%C3%ADch-l%E1%BB%97-h%E1%BB%95ng-proxylogon-mail-exchange-rce-s%E1%BB%B1-k%E1%BA%BFt-h%E1%BB%A3p-ho%C3%A0n-h%E1%BA%A3o-cve-2021-26855-37f4b6e06265\" target=\"_blank\" rel=\"noreferrer noopener\">write-up of his work<\/a>, in Vietnamese, with a link to the code on GitHub. And a few hours later, the link to the code on GitHub no longer functioned.<br><br>It is safe to say that this bodes some concern over Microsoft&#8217;s ability to handle cybersecurity threats and its ability to hold wholesome interactions with cybersecurity researchers and experts. We&#8217;ll have to monitor how the giant techno-corp will react and adapt to this uncertain and dangerous climate. We wish them luck and success in this endeavor!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Closing_Remarks\"><\/span>Closing Remarks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Expect us to be following the trends in cybersecurity in future blog posts as well. There is a lot to cover and currently happening across the world. The timing isn&#8217;t great either, given the rest of the issues the denizens of Earth are currently experiencing as a global society and the Covid-19 pandemic. The last thing we need is an unstable world wide web filled with threat actors looking to exploit big corporations and regular internet users in criminal and malicious ways. Unfortunately, that is what the current climate is showing us. Regardless this is an opportunity for companies such as HostArmada to raise awareness about these issues and be part of our global efforts to innovate and adapt to these new challenges.<br><br>Furthermore, we here at HostArmada, want to assure you that we have not been impacted by these cybersecurity threats as of now and are only reporting them to make sure our clients are well-informed about the state of the digital world.<br><br>If you have further questions, suggestions, or concerns, you can always reach us. <a href=\"https:\/\/hostarmada.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener\">HostArmada remains ready to be deployed 24\/7<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the latest online sources, HostArmada can confirm that the official PHP git repository, at http:\/\/git.php.net\/, was the target of two malicious attacks made on 2021-03-28. Hackers pushed the two malicious exploits to the php-src repo from Rasmus Lerdorf and Nikita Popov&#8217;s names. It is unknown how exactly this happened, but everything points towards [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":1800,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,17,20,24],"tags":[55,64,62,50,47],"class_list":["post-1756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-news","category-php","category-security","tag-blog","tag-cybersecurity","tag-news","tag-php","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Hackers exploit the PHP Git repository adding backdoor to PHP&#039;s source code - HostArmada Blog<\/title>\n<meta name=\"description\" content=\"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers exploit the PHP Git repository adding backdoor to PHP&#039;s source code\" \/>\n<meta property=\"og:description\" content=\"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/\" \/>\n<meta property=\"og:site_name\" content=\"HostArmada Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-09T13:04:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-09T13:04:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Daniel Kirov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Kirov\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/\"},\"author\":{\"name\":\"Daniel Kirov\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#\\\/schema\\\/person\\\/2f4b1b844de7a85de7b151fdde689caf\"},\"headline\":\"Hackers exploit the PHP Git repository adding backdoor to PHP&#8217;s source code\",\"datePublished\":\"2021-04-09T13:04:56+00:00\",\"dateModified\":\"2021-04-09T13:04:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/\"},\"wordCount\":1196,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/php-hacked.png\",\"keywords\":[\"blog\",\"Cybersecurity\",\"news\",\"PHP\",\"Security\"],\"articleSection\":[\"Blog\",\"News\",\"PHP\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/\",\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/\",\"name\":\"Hackers exploit the PHP Git repository adding backdoor to PHP's source code - HostArmada Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/php-hacked.png\",\"datePublished\":\"2021-04-09T13:04:56+00:00\",\"dateModified\":\"2021-04-09T13:04:58+00:00\",\"description\":\"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/php-hacked.png\",\"contentUrl\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/php-hacked.png\",\"width\":1200,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/hackers-exploit-php-git-repository-add-backdoor\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"HostArmada Blog\",\"item\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers exploit the PHP Git repository adding backdoor to PHP&#8217;s source code\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/\",\"name\":\"HostArmada Blog\",\"description\":\"HostArmada official blog. Useful web hosting related articles.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#organization\",\"name\":\"HostArmada Blog\",\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/logo-png-300x43-1.png\",\"contentUrl\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/logo-png-300x43-1.png\",\"width\":300,\"height\":44,\"caption\":\"HostArmada Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/#\\\/schema\\\/person\\\/2f4b1b844de7a85de7b151fdde689caf\",\"name\":\"Daniel Kirov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g\",\"caption\":\"Daniel Kirov\"},\"description\":\"Daniel, our Content Manager, joined HostArmada with over five years of experience under his belt in the web hosting sector in various roles, including customer care, sales, and technical support. His passion for writing and communications and his experience makes him the ideal person for the job. He is devoted to spreading wisdom and knowledge about the web hosting sector so that both clients and colleagues can benefit greatly. In his words, serving and educating others is the way to mutual prosperity.\",\"sameAs\":[\"https:\\\/\\\/hostarmada.com\\\/\"],\"url\":\"https:\\\/\\\/www.hostarmada.com\\\/blog\\\/author\\\/daniel-kirov\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hackers exploit the PHP Git repository adding backdoor to PHP's source code - HostArmada Blog","description":"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/","og_locale":"en_US","og_type":"article","og_title":"Hackers exploit the PHP Git repository adding backdoor to PHP's source code","og_description":"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!","og_url":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/","og_site_name":"HostArmada Blog","article_published_time":"2021-04-09T13:04:56+00:00","article_modified_time":"2021-04-09T13:04:58+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png","type":"image\/png"}],"author":"Daniel Kirov","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Daniel Kirov","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#article","isPartOf":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/"},"author":{"name":"Daniel Kirov","@id":"https:\/\/www.hostarmada.com\/blog\/#\/schema\/person\/2f4b1b844de7a85de7b151fdde689caf"},"headline":"Hackers exploit the PHP Git repository adding backdoor to PHP&#8217;s source code","datePublished":"2021-04-09T13:04:56+00:00","dateModified":"2021-04-09T13:04:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/"},"wordCount":1196,"commentCount":0,"publisher":{"@id":"https:\/\/www.hostarmada.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png","keywords":["blog","Cybersecurity","news","PHP","Security"],"articleSection":["Blog","News","PHP","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/","url":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/","name":"Hackers exploit the PHP Git repository adding backdoor to PHP's source code - HostArmada Blog","isPartOf":{"@id":"https:\/\/www.hostarmada.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#primaryimage"},"image":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png","datePublished":"2021-04-09T13:04:56+00:00","dateModified":"2021-04-09T13:04:58+00:00","description":"HostArmada expands upon our cybersecurity report with the latest news. This time it aimed at Github. Read more on our latest blog post!","breadcrumb":{"@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#primaryimage","url":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png","contentUrl":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2021\/04\/php-hacked.png","width":1200,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.hostarmada.com\/blog\/hackers-exploit-php-git-repository-add-backdoor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"HostArmada Blog","item":"https:\/\/www.hostarmada.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Hackers exploit the PHP Git repository adding backdoor to PHP&#8217;s source code"}]},{"@type":"WebSite","@id":"https:\/\/www.hostarmada.com\/blog\/#website","url":"https:\/\/www.hostarmada.com\/blog\/","name":"HostArmada Blog","description":"HostArmada official blog. Useful web hosting related articles.","publisher":{"@id":"https:\/\/www.hostarmada.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hostarmada.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.hostarmada.com\/blog\/#organization","name":"HostArmada Blog","url":"https:\/\/www.hostarmada.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hostarmada.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2022\/06\/logo-png-300x43-1.png","contentUrl":"https:\/\/www.hostarmada.com\/blog\/wp-content\/uploads\/2022\/06\/logo-png-300x43-1.png","width":300,"height":44,"caption":"HostArmada Blog"},"image":{"@id":"https:\/\/www.hostarmada.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.hostarmada.com\/blog\/#\/schema\/person\/2f4b1b844de7a85de7b151fdde689caf","name":"Daniel Kirov","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0bf31156b99a25e66d0b89d80725c9b68e117a1720d59983438f892ab14585dd?s=96&d=mm&r=g","caption":"Daniel Kirov"},"description":"Daniel, our Content Manager, joined HostArmada with over five years of experience under his belt in the web hosting sector in various roles, including customer care, sales, and technical support. His passion for writing and communications and his experience makes him the ideal person for the job. He is devoted to spreading wisdom and knowledge about the web hosting sector so that both clients and colleagues can benefit greatly. In his words, serving and educating others is the way to mutual prosperity.","sameAs":["https:\/\/hostarmada.com\/"],"url":"https:\/\/www.hostarmada.com\/blog\/author\/daniel-kirov\/"}]}},"_links":{"self":[{"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/posts\/1756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/comments?post=1756"}],"version-history":[{"count":36,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/posts\/1756\/revisions"}],"predecessor-version":[{"id":1802,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/posts\/1756\/revisions\/1802"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/media\/1800"}],"wp:attachment":[{"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/media?parent=1756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/categories?post=1756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostarmada.com\/blog\/wp-json\/wp\/v2\/tags?post=1756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}