PEAR’s (PHP Extension and Application Repository) web server disabled due to a security breach

1 min read

Last week, the researchers at PEAR (PHP Extension and Application Repository) reported a security breach on PEAR’s web server,

They found that the go-pear.phar was breached. Following this, the PEAR website itself has been disabled until a known clean site can be rebuilt. The community tweeted that “a more detailed announcement will be on the PEAR Blog once it’s back online”.

According to researchers, the users who have downloaded the go-pear.phar in the past six months should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If the hashes are different, this indicates that the user may have the infected file. The community is in the process of rebuilding the site; however, they are not sure of the ETA yet.

To stay updated, keep a close watch on PEAR’s twitter account.

Read Next

Symfony leaves PHP-FIG, the framework interoperability group

Internal memo reveals NASA suffered a data breach compromising employees social security numbers

Justice Department’s indictment report claims Chinese hackers breached business  and government network