PHP Git server compromised; hackers add backdoor to source code

On March 28, PHP team member Nikita Popov published an urgent announcement stating that "the official PHP Git server was compromised and the code repository was tampered with."

Afterwards, a user going by the name nixCraft also posted on Twitter: "Watch out! The PHP git server was attacked, and the attackers added a backdoor to the PHP code base. Please pay attention to its security!"

PHP Git server implanted with an RCE backdoor

According to the official announcement, two malicious commits were pushed to the php-src repository that the PHP team maintains on the git.php.net server.

To make the commits look trustworthy, the attackers also forged the sign-off, so that the commits appeared to have been made by PHP developers and maintainers Nikita Popov and Rasmus Lerdorf.

However, the newly added line 370, which calls the zend_eval_string function, actually plants a backdoor that gives easy remote code execution (RCE) on websites running this hijacked version of PHP.

A PHP developer said, "If the string starts with 'zerodium', this line executes PHP code from within the useragent HTTP header."

A few hours after the commits were made, the PHP team discovered the problem during routine code review. The changes were obviously malicious, so they were quickly reverted.

For a source-code version control system like Git, this kind of thing is not surprising. An attacker can sign off a commit as someone else and then upload the forged commit to the remote Git server, which makes it look as if the commit really was made by the person named in the sign-off.

The foreign security outlet bleepingcomputer commented, "As a server-side programming language, PHP powers over 79% of the websites on the Internet. This incident is alarming."

Official Git server retired; PHP code repository moves to GitHub

As a precaution following the incident, the PHP team has decided to move the official PHP source repository to GitHub.

The PHP team is still investigating the incident. The official statement reads, "We don't yet know how this happened, but this malicious activity stemmed from a compromised git.php.net server, not from a compromised individual Git account.

"While the investigation is still under way, to reduce the risk posed by the Git infrastructure we maintain ourselves, we will discontinue the git.php.net server."

The official team said, "The PHP repositories on GitHub, which were previously only mirrors, will now be used as the canonical ones."

In addition, from now on, all code changes will be pushed directly to GitHub.

For now, besides those two malicious commits, the official PHP team is still checking whether there are any other security threats.
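The point above about commits carrying someone else's name can be checked from the commit object itself: author, committer and Signed-off-by are plain text, and only a signature header is cryptographic. The following is an added example, not code from the PHP project or the original article; `audit_commit` is a hypothetical helper, and the sample commits, names and hashes are constructed.

```python
import re

# Identity line format used by Git: "Name <email> <unix-ts> <tz>"
IDENT = re.compile(r"^(.*?) <([^>]*)> (\d+) ([+-]\d{4})$")

def parse_commit(raw):
    """Parse commit-object text as printed by `git cat-file commit <id>`."""
    head, _, message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:   # continuation of a multi-line header (gpgsig)
            headers[key][-1] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers.setdefault(key, []).append(value)
    return headers, message

def audit_commit(raw):
    """Report which identity claims in a commit are backed by a signature header."""
    headers, message = parse_commit(raw)

    def who(field):
        m = IDENT.match(headers.get(field, [""])[0])
        return f"{m.group(1)} <{m.group(2)}>" if m else None

    has_sig = "gpgsig" in headers
    return {
        "author": who("author"),
        "committer": who("committer"),
        # Signed-off-by is free text in the message, never cryptographic.
        "signoffs": re.findall(r"^Signed-off-by: (.+)$", message, flags=re.M),
        "has_signature": has_sig,
        # A present signature must still be verified against trusted keys;
        # its absence means every name above is only a claim by the pusher.
        "verdict": "needs-signature-verification" if has_sig else "identity-unverified",
    }

# Constructed sample: unsigned commit whose names are whatever the pusher typed.
UNSIGNED = (
    "tree 0000000000000000000000000000000000000001\n"
    "parent 0000000000000000000000000000000000000002\n"
    "author Example Maintainer <maintainer@example.org> 1616900000 +0000\n"
    "committer Example Maintainer <maintainer@example.org> 1616900000 +0000\n"
    "\n"
    "Update docs\n\nSigned-off-by: Example Maintainer <maintainer@example.org>\n"
)
# Constructed sample: the same commit with a placeholder signature header.
SIGNED = UNSIGNED.replace(
    "\n\nUpdate docs",
    "\ngpgsig -----BEGIN PGP SIGNATURE-----\n \n PLACEHOLDER\n"
    " -----END PGP SIGNATURE-----\n\nUpdate docs", 1)

if __name__ == "__main__":
    for label, raw in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, audit_commit(raw))
```

The check only detects whether a signature header is present; validating it against trusted keys is done with `git verify-commit <id>` or `git log --show-signature`.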