It’s been two weeks since the publication of an article on ZDNet on illegal files found on the php.net server. The author wrote in the article:
PHP, utilized by millions of Web sites around the Web, has a not-so-hidden secret on their Web site: a directory full of pirated content, config files containing user name and password information, and more.
While the ZDNet article contains some factual errors (the “pirated content” was located only on the id.php.net server, which is simply a 3rd party mirror hosted by http://www.pesat.net.id/), the screenshot below demonstrates one major problem…
… If someone (even sysadmin) downloaded pirated and potentially malicious files to the trusted web server, someone else can with ease replace the valid content (ie. PHP binaries or documentation) with a tainted data. (more…)