PHP.net had a bad day yesterday, when its website was flagged by Google as hosting malware.
At first it was suspected that it was a false positive, but further analysis by the web scripting website found that two servers had been hacked and set up to serve malware.
According to PHP.net, its team have audited every server operated by php.net and the servers which hostedwww.php.net
In its update
, it said: “All affected services have been migrated off those servers. We have verified that our Git repository was not compromised, and it remains in read-only mode as services are brought back up in full.
“As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.”
Research by Trustwave Spiderlabs
24 hours on, it seems that PHP.net is getting the thumbs up from Google, as its safe browsing
states that “This site is not currently listed as suspicious” and of the 370 pages it inspected, zero were found as malicious.