On Jan 19, 2019, pear.php.net released statement that their web server had been compromised and that a tainted go-pear.phar file was discovered. You can view the current status here:
What does this mean?
If you downloaded the go-pear.phar file from php.net from July 2018 to Jan 2019, there's a possibility you downloaded an infected file. You should check to confirm the authenticity of this file.
Why would I have downloaded this file?
There are several PHP installations that require PEAR. For example:
How do I check the go-pear.phar file's authenticity?
The following steps walk you through how to check your current go-pear.phar file.
- Use SSH to log into your site where you are currently using PEAR.
- Navigate to the directory you previously downloaded the go-pear.phar file to. This is most likely your user's home directory.
[server]$ cd ~
- Check the md5sum value.
[server]$ md5sum go-pear.phar
- When you run this command, a long string of numbers and letters is returned. The infected file has the following hash value.
- If you see this value returned, you should proceed to disable the previous PEAR installation files and folders.
[server]$ mv go-pear.phar go-pear.phar_COMPROMISED [server]$ mv .pearrc .pearrc_COMPROMISED [server]$ mv pear pear_COMPROMISED
- Next, download a fresh copy of the go-pear.phar file here:
[server]$ wget https://objects-us-east-1.dream.io/kbfiles/pear/go-pear.phar --no-check-certificate
- You can then use the newly downloaded file to re-install PEAR using this article: