PEAR’s (PHP Extension and Application Repository) web server disabled due to a security breach

Last week, the researchers at PEAR (PHP Extension and Application Repository) reported a security breach on PEAR’s web server, http://pear.php.net.

They found that the go-pear.phar was breached. Following this, the PEAR website itself has been disabled until a known clean site can be rebuilt. The community tweeted that “a more detailed announcement will be on the PEAR Blog once it's back online”.

https://twitter.com/pear/status/1086634389465956352

According to researchers, the users who have downloaded the go-pear.phar in the past six months should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If the hashes are different, this indicates that the user may have the infected file. The community is in the process of rebuilding the site; however, they are not sure of the ETA yet.

To stay updated, keep a close watch on PEAR’s twitter account.

Symfony leaves PHP-FIG, the framework interoperability group

Internal memo reveals NASA suffered a data breach compromising employees social security numbers

Justice Department’s indictment report claims Chinese hackers breached business and government network