Over the weekend, attackers uploaded two malware payloads to the PHP git server, one would have created a backdoor to PHP-enabled websites. Both were found and reverted before going into production. The two commits were pushed to the php-src repository on Sunday under the user names of PHP maintainers Nikita Popov (nikic) and Rasmus Lerdorf (rlerdorf).
The descriptions said they were corrections to “fix typos.” Popov immediately issued a statement saying he and Lerdorf are unsure how the attackers uploaded the malicious code under their names but think someone with push access compromised the server.
