We don’t yet know how exactly this happened, but everything points towards a compromise of the server (rather than a compromise of an individual git account). PHP development is managed using the well-known Git source code control system, on a server operated by the PHP team itself. The unauthorised code changes were tagged with the names of Rasmus Lerdorf (creator of PHP) and Nikita Popov (a major PHP contributor). In other words, a remote shell of this sort doesn’t just let cybercriminals run some commands, it lets them run any commands, and therefore adapt and alter their attack as they go along. This backdoor turns PHP itself into what’s known as a webshell – an implanted malicious file on the server that can not only be triggered by an external attacker, but also instructed to run any system command the attacker wants at any time. This causes remote code execution (RCE), typically giving the attacker the same rights and privileges as the web server itself.