Mystery still surrounds hack of PHP PEAR website

Image: PHP PEAR Team

Details remain foggy about a recent security breach at the PHP PEAR website, a crucial, but lesser-known part of the PHP ecosystem.

PEAR, which stands for “PHP Extension and Application Repository,” is the first package manager that was developed for the PHP scripting language back in the 1990s, and works by allowing developers to load and reuse code for common functions delivered as PHP libraries.

While currently most PHP developers have switched to using Composer, a newer third-party package manager, PEAR still remains very popular and is still very widespread because it’s also been included by default with all official PHP binaries for Linux.

PHP developers can use the PEAR version that ships with their PHP distribution, but they can also download an updated PEAR (go-pear.phar) version from the PEAR website (which also hosts all PEAR-compatible PHP libraries).

However, last week, the PHP PEAR website –located at– was taken down and its homepage replaced with a short message announcing a security breach.

According to the message, the PEAR team said they’ve found that the official website had been hosting a “tainted go-pear.phar” file –which is the main PHP PEAR executable.

“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” said the message on the official website. “If different, you may have the infected file.”

PHP PEAR security breach

PHP PEAR security breach

Image: ZDNet

According to a VirusTotal scan of the tainted go-pear.phar file, the malicious version made available through the official PEAR website appears to contain what some antivirus vendors are describing as a backdoor.

What exactly this backdoor does, is currently unknown, as the PHP PEAR team is still analyzing the file’s source code, which contains thousands of line of code.

All PHP web servers where administrators installed an update to the PHP PEAR executable (go-pear.phar) that they downloaded from the PEAR website should be considered compromised and treated accordingly.

The PHP PEAR team says it’s still auditing and rebuilding its website, looking for the security hole that attackers exploited six months ago to plant the backdoored go-pear.phar file in the first place.

PEAR developers promised a more detailed incident post-mortem when this operation concludes.

In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10, a new PEAR release, which is identical with the previous release v1.10.9, but which the PHP PEAR team uploaded on GitHub to give it a new timestamp and signal that it’s a clean version that webmasters can install without fear of downloading a potentially backdoored release.

While PHP currently powers nearly 79 percent of all internet sites, only a small portion of them are likely to be affected by this incident, as most people either use Composer or rarely update the PEAR executable in the first place.

More security coverage:

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

What Are E-stablecoins And How Do They Operate?
What Are E-Stablecoins And How Do They Operate?
August 11, 2022
How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin24,535 0.35 % 0.39 % 6.74 %
Ethereum1,988.3 0.17 % 0.57 % 17.42 %
Tether1.001 0.21 % 0.03 % 0.02 %
USD Coin1.000 0.44 % 0.25 % 0.18 %
BNB326.69 0.35 % 0.93 % 3.54 %
Cardano0.5829 0.20 % 4.47 % 13.65 %
XRP0.3859 0.48 % 1.61 % 3.62 %
Binance USD0.9999 0.08 % 0.03 % 0.01 %
Solana42.12 0.56 % 2.22 % 3.81 %
Polkadot9.340 0.54 % 1.28 % 9.41 %

Bitcoin (BTC) $ 24,581.00
Ethereum (ETH) $ 1,991.00
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 327.26
Cardano (ADA) $ 0.582058
XRP (XRP) $ 0.386678
Binance USD (BUSD) $ 1.00
Solana (SOL) $ 46.67
Polkadot (DOT) $ 9.35