Blast from the Past
In early 2019, the pear.php.net server was compromised and the go-pear.phar bootstrap file was replaced with malware that opens a reverse shell via Perl. The breach went undetected from December 20, 2018 to January 19, 2019. Systems that downloaded and ran go-pear.phar during that window should be considered compromised. The incident highlights broader supply chain security failures: no cryptographic signatures were published for the file, documentation encouraged users to run downloaded executables without verification, and the project lacked sufficient maintainer resources to detect the intrusion quickly. The post also contextualizes PEAR's history and declining relevance since Composer's rise, notes that PEAR is still bundled with PHP primarily for the PECL installer, and concludes with lessons about treating security as an ongoing process rather than a one-time project.
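A triage sweep for the exposure described above, written as an added example and not taken from the original post or the PEAR project: it walks a directory tree, finds copies of go-pear.phar, and classifies each by whether its modification time falls inside the December 20, 2018 to January 19, 2019 window. Treating both dates as whole UTC days is an assumption, and mtime is only a lead, since copies, restores and anyone with write access can change it.

```python
import os
from datetime import datetime, timezone

# Exposure window stated on the page; treating both days as whole UTC days
# is an assumption of this example.
WINDOW_START = datetime(2018, 12, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 1, 20, tzinfo=timezone.utc)  # exclusive bound
TARGET_NAME = "go-pear.phar"


def classify(mtime_epoch):
    """Return 'before', 'in-window' or 'after' for a file timestamp."""
    ts = datetime.fromtimestamp(mtime_epoch, tz=timezone.utc)
    if ts < WINDOW_START:
        return "before"
    if ts >= WINDOW_END:
        return "after"
    return "in-window"


def scan(root):
    """Walk root and return (path, verdict, iso_mtime) for each copy found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != TARGET_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
            ts = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            findings.append((path, classify(st.st_mtime), ts.isoformat()))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict, when in scan(root):
        print(f"{verdict:10} {when} {path}")
```

An "in-window" hit marks a host for full incident handling; a "before" or "after" verdict does not clear a host, because the timestamp may not reflect when the file was actually downloaded.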