Mystery still surrounds hack of PHP PEAR website


Details remain foggy about a recent security breach at the PHP PEAR website, a crucial, but lesser-known part of the PHP ecosystem.

PEAR, which stands for “PHP Extension and Application Repository,” is the first package manager that was developed for the PHP scripting language back in the 1990s, and works by allowing developers to load and reuse code for common functions delivered as PHP libraries.

While most PHP developers have since switched to Composer, a newer third-party package manager, PEAR remains very popular and widespread because it is also included by default with all official PHP binaries for Linux.

PHP developers can use the PEAR version that ships with their PHP distribution, but they can also download an updated version of PEAR (go-pear.phar) from the PEAR website (which also hosts all PEAR-compatible PHP libraries).

However, last week the PHP PEAR website, located at pear.php.net, was taken down and its homepage replaced with a short message announcing a security breach.

According to the message, the PEAR team found that the official website had been hosting a “tainted go-pear.phar” file, which is the main PHP PEAR executable.

“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” said the message on the official website. “If different, you may have the infected file.”
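The hash comparison the notice asks for, as an added example (not code from the PEAR project or from this article): it hashes a reference go-pear.phar that you fetched separately from GitHub and reports every local copy whose SHA-256 differs. The function names, the use of `sha256sum` and the directories scanned are assumptions.

```sh
#!/bin/sh
# Added example: compare every local go-pear.phar with a trusted reference copy.
# Assumes coreutils sha256sum. REFERENCE is a go-pear.phar of the same release,
# fetched separately from GitHub (pear/pearweb_phars) as the notice advises.

# Print only the SHA-256 hex digest of a file (reads stdin to avoid name quoting).
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# classify_phar REF_HASH FILE: print MATCH or DIFFERS for one file.
classify_phar() {
    if [ "$(sha256_of "$2")" = "$1" ]; then echo MATCH; else echo DIFFERS; fi
}

# audit_phars REFERENCE DIR...: report every go-pear.phar under the DIRs.
# Returns 0 if all copies match, 1 if any differ, 2 if the audit cannot run.
audit_phars() {
    ref=$1; shift
    [ -f "$ref" ] || { echo "reference not found: $ref" >&2; return 2; }
    ref_hash=$(sha256_of "$ref")
    list=$(mktemp) || return 2
    find "$@" -type f -name 'go-pear.phar' -print > "$list" ||
        echo "warning: find reported errors, scan may be incomplete" >&2
    differs=0
    while IFS= read -r f; do
        verdict=$(classify_phar "$ref_hash" "$f")
        printf '%-8s%s\n' "$verdict" "$f"
        [ "$verdict" = MATCH ] || differs=1
    done < "$list"
    rm -f "$list"
    return "$differs"
}

# Stand-alone use: sh audit.sh ./reference/go-pear.phar /usr /opt /home
if [ "$#" -ge 2 ]; then audit_phars "$@"; fi
```

A DIFFERS result only means the copy is not byte-identical to the reference, so the reference must be the same release version as the installed file, as the notice specifies.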


According to a VirusTotal scan of the tainted go-pear.phar file, the malicious version made available through the official PEAR website appears to contain what some antivirus vendors are describing as a backdoor.

What exactly this backdoor does is currently unknown, as the PHP PEAR team is still analyzing the file’s source code, which contains thousands of lines of code.

All PHP web servers where administrators installed an update to the PHP PEAR executable (go-pear.phar) that they downloaded from the PEAR website should be considered compromised and treated accordingly.

The PHP PEAR team says it’s still auditing and rebuilding its website, looking for the security hole that attackers exploited six months ago to plant the backdoored go-pear.phar file in the first place.

PEAR developers promised a more detailed incident post-mortem when this operation concludes.

In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10. The new release is identical to the previous release, v1.10.9, but the team uploaded it to GitHub to give it a new timestamp and to signal that it is a clean version that webmasters can install without fear of downloading a potentially backdoored release.

While PHP currently powers nearly 79 percent of all internet sites, only a small portion of them are likely to be affected by this incident, as most people either use Composer or rarely update the PEAR executable in the first place.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.
