On January 19th, 2019, the team behind PEAR (PHP Extension and Application Repository) announced that their web server hosting pear.php.net had been compromised. It was also determined that the copy of PEAR available for download on their site included a compromised version of the go-pear.phar file which is used to install PEAR.
The PEAR team has indicated that anyone who has downloaded this file from their site since December 20th, 2018 should be concerned. However, because the last known good copy of this file is from August 2018, we suggest checking whether you have been impacted if you have installed PEAR at any point since then.
If you have downloaded this go-pear.phar file since August 2018, it’s recommended that you check whether it is a version that has been compromised. This can be done by doing the following:
If the reported checksum of this file is 1e26d9dd3110af79a9595f1a77a82de7, this means the version that was downloaded has been compromised.
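One way to run the checksum comparison described above, as an added example rather than a command from the original article. The value is 32 hex characters long, so the script assumes it is an MD5 digest; the function names and the directories in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example: find copies of go-pear.phar and compare each one against
# the checksum this article lists as compromised.
# Assumption: the 32-hex-character value is an MD5 digest.
BAD_MD5="1e26d9dd3110af79a9595f1a77a82de7"

# Print the MD5 of a file using whichever tool is installed.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q "$1"    # macOS / BSD
    fi
}

# Print a verdict for one file: COMPROMISED, no-match or unreadable.
classify_phar() {
    if [ ! -r "$1" ]; then
        echo "unreadable"
    elif [ "$(file_md5 "$1")" = "$BAD_MD5" ]; then
        echo "COMPROMISED"
    else
        echo "no-match"
    fi
}

# Walk the given directories, report every go-pear.phar found, and return
# non-zero if any copy matches. Paths containing newlines are not handled.
scan_for_phar() {
    report=$(find "$@" -type f -name 'go-pear.phar' 2>/dev/null |
        while IFS= read -r f; do
            printf '%s  %s\n' "$(classify_phar "$f")" "$f"
        done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    ! printf '%s\n' "$report" | grep -q '^COMPROMISED  '
}

# Example: sh check-go-pear.sh /root /home /usr/local /var/www
if [ "$#" -gt 0 ]; then
    scan_for_phar "$@"
fi
```

A `no-match` result only means the file differs from this one checksum.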
If you have downloaded a compromised version of this file, we would encourage you to immediately back up all of your data, including your database(s) and website files. Once a backup of this data is available, we would recommend deploying a new Droplet, uploading your data, and then importing your databases into this new Droplet.
To aid in this migration process, please refer to our Community articles that outline how to compress your data, migrate it using Rsync and how to import and export databases.
Once you have confirmed that things are working properly on this new Droplet, destroy the original Droplet that contains this compromised go-pear.phar file.
Until PEAR has communicated that this has been addressed and resolved, we advise against installing it. To follow the status of their investigation and for additional details, you can refer to their Twitter account. They have also stated that they will post details to their blog once their site has been restored.