
Anthony Ferrara:
Scalar Types and PHP
Feb 12, 2015 @ 17:25:47

Anthony Ferrara has tossed his own hat into the ring in the debate that's been going on about the RFC for scalar type hints in PHP. In his post he agrees with (most of) the suggestions made in the proposal around strict, weak and the "compromise" of mixed typing.

There's currently a proposal that's under vote to add Pascal Martin's excellent post about it. What I want to talk about is more of an opinion. Why I believe this is the correct approach to the problem.

He starts off talking about the "all strict" angle that some suggested as the proper approach then moves into the "weak argument" explaining the difference between the two. He shares a bit of history around the problems detecting subtle bugs caused by typing issues and how it is definitely a problem that needs solving. Finally, he talks about the mixed-typing compromise and provides some code samples showing a common bug that can happen with weak typing.

tagged: scalar type hint rfc opinion example weak compromise mixedtype

Link: http://blog.ircmaxell.com/2015/02/scalar-types-and-php.html

PHP.net:
A further update on php.net
Oct 25, 2013 @ 15:20:05

As many probably noticed yesterday, the entire PHP.net domain (subdomains and all) was marked by the Google Safe Browsing service as potentially harmful. The issue has been discovered and resolved so things are back to normal, but the development group wanted to provide an update as to the current status.

We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time.

The post talks about some of the actions taken since the compromise and gives more details about what happened. It all revolved around a malicious JavaScript file that was served to some visitors of the site. For more information as it becomes available, check back with the main PHP.net site or follow official_php on Twitter.

tagged: phpnet website compromise javascript actions

Link: http://blog.sznapka.pl/testing-in-isolation-with-symfony2-and-webtestcase

Greg Freeman:
Steps to Take When you Know your PHP Site has been Hacked
Mar 07, 2013 @ 15:53:02

Greg Freeman has posted the second part of his "hacked PHP application" series (part one is here). In this new post he looks at the aftermath: what to do and what to check during cleanup, and which fixes keep it from happening again.

This is a follow up post from my previous post “How to Tell if Your PHP Site has been Hacked or Compromised”. This post will discuss some of the first steps you should take when you have identified that your site has been compromised. The first sections discuss a few points that are not relevant to everyone, the later sections will discuss how to fix the exploits.

He includes a list of things to think about including:

  • What kind of hosting you use (and if that contributed)
  • The option to redirect all requests for your site to one page
  • Get a list of all PHP files to locate something malicious
  • Locating "non-PHP PHP files"
  • Finding files with possible malicious content

He also includes a few suggestions to help prevent issues in the future: updating to the latest versions, patching your code, rethinking your permissions and monitoring for potential repeat attacks.

tagged: hack compromise steps correction fix upgrade exploit


Greg Freeman:
How to Tell if Your PHP Site has been Hacked or Compromised
Mar 05, 2013 @ 18:54:14

In this recent post to his site Greg Freeman shares some things to check for when you think your PHP site (any kind, even something like WordPress) might have been compromised.

A friend of mine recently had their site compromised, they were running an older version of IP.Board that is vulnerable to a local file inclusion vulnerability. This post won’t be about IP.Board or any specific php code, it will show you how to locate potential malicious php code hosted on your servers and how to fix it. Finally I will give a brief explanation on what attackers are uploading to compromised sites.

Among the things he recommends are tips like:

  • Check your Access Logs
  • Finding Recently Modified PHP Files
  • Finding obfuscated code
  • Always search your writable upload directories for executable code
  • Check .htaccess Files if you use Apache

You can find the descriptions for each of these (and some others to watch out for) in the full post.

tagged: hack compromise checklist malicious code


