On Oct. 24, Google began to flag PHP.net as being a site hosting malware, i.e., potentially a watering hole.
PHP.net is the community home for the open-source PHP programming language that powers hundreds of millions of Websites around the world (including this one). Initially, PHP.net administrators claimed that Google was wrong and that it was some kind of false-positive scan for malware.
Within hours, PHP.net administrators realized that in fact multiple PHP servers and domains were compromised. Among the compromised sites are www.php.net, static.php.net, git.php.net and bugs.php.net.