Greetings, all;
As some of you may know, php.net was targeted and compromised
yesterday, leading to some services - including the one used by
Google's Chrome browser - to block the site for a short period of
time, and then a whirlwind of news. Though very brief, the attack
compromised two servers (one hosting www.php.net, the other hosting
bugs.php.net), and was used to inject an iframe (via some obfuscated
JavaScript) that would attempt to force-download a piece of ransomware
onto Windows-based systems. We immediately took steps to cease the
injection, then moved everything to new, pristine servers ---
verifying the safety and validity of every bit of code for the sites,
distributions, and everything else by hand and by script in the
process. We're now entering a post-mortem investigative phase to
attempt discovery of how the infiltration was able to take place, and
should there be any worthwhile information to share, there will be
more on that front in the coming days, weeks, or months.
And one way to stay in touch with information such as that is via
the new (well, I registered it on 21 June, but it just got its first
use yesterday) official php.net Twitter account. If you're on Twitter
and so desire, you can follow the account at @official_php. There are
a number of other accounts purporting to be official, connected, or
otherwise related to PHP in some manner, but @official_php is the only
account actually operated by us for the sole purpose of communicating
real information directly from us to the public.
With all of that said, time to get back to work. Need to take
advantage of the quiet as much as possible now, since my daughter got
a new baby brother a week ago today. Not much in the way of peace,
quiet, and sleep anymore, as all of you parents know all too well.
--
</Daniel P. Brown>
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
