A few days ago, multiple sources confirmed that the notable website PHP.net was compromised. Google warned users trying to access the site that it contained a malware while Chrome and Firefox also cited similar warnings. The issue has been resolved by now.
According to the details of the malware detection provided by Google, “Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent.”
The Safe Browsing diagnostic page of Google further revealed, “Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including stephaniemari.com/,northgadui.com/, satnavreviewed.co.uk/”
The team behind the website was quick to take precautionary measures as soon as the malware was detected. Investigations into the attack revealed that the hackers were able to gain access to two servers.
To mitigate any possibly damage, the team stated that it had took the following measures, “As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.”
The issue has been resolved now and the website is no longer being flagged as malware-infected by Google or any other sources. Since PHP.net is a very popular online hub, it is significant to note that the hackers were apparently able to insert malware into its web pages rather easily.
Courtesy: The Hacker News