Mar 21, 2011 14:50 GMT

The server housing the php.net developer wiki has been hacked by unidentified attackers who stole account credentials, thus sparking fears of rogue code commits.

The php.net team announced the compromise on Saturday and noted that no other servers associated with the project's infrastructure were affected.

Based on the results of a preliminary investigation, the point of entry was a vulnerability in the DokuWiki software used on the platform.

The attackers then managed to obtain root privileges on the device by exploiting a local Linux privilege escalation vulnerability.

The biggest concern following the incident was that stolen developer credentials might have been used to alter the official PHP source code.

Because of this, a code audit covering all commits since version 5.3.5 has been performed. Fortunately, no tampering was detected.

There was a brief period when rumors circulated about a backdoor being injected into the code by a Chinese hacker.

These were based on a blog post dated March 18, but apparently concerned an incident that occurred in December 2010 when a hacker managed to perform a rogue code commit using PHP developer Hannes Magnusson's credentials.

The modification was not malicious and consisted of only adding a name to a credits file. The commit was promptly detected and reverted at the time.

As a precaution, the php.net team completely wiped the compromised wiki server and will force a password change for all repository accounts. Developers should also change their password in other locations where they might have used it.

PHP.net is not the first big open source project to fear code tampering or to have one of its infrastructure servers compromised by hackers.

Back in January, the Fedora Project investigated the implications of a contributor's account being hijacked, while last year the ProFTPD Project discovered that its source code was backdoored by attackers who hacked into the distribution server.

In 2009, the Apache Software Foundation had to deal with a serious compromise that involved malicious CGI scripts being written to its mirror servers.