Gibson Index

2013-10-24: PHP.net Malware Compromise

Level Three Attack

The infection was first reported by Chrome users who observed that Google had flagged PHP.net for serving malware-laden JS files. The resulting investigation found that two servers had been compromised, affecting several domains (www.php.net, git.php.net, bugs.php.net, and static.php.net).

This appears to have been a somewhat minor attack, and all of the code has been migrated to new servers. However, the PHP.net site is effectively a watering hole for tens of thousands of PHP developers, so any such attack on it should be taken very seriously: a virulent attack against developers could compromise thousands of machines or accounts that have direct access to many servers and web applications.

In its latest update, PHP.net gives assurances that the source code repositories for the project were untouched. It does seem, however, that credentials (including commit access credentials and SSL certificates) could have been exposed, so precautions are being taken.

