We woke up this morning to many reports and people asking why the PHP.net site is being blacklisted.We did not get a chance to analyze it while it was compromised, but it seems that one of their javascript files (static.php.net/www.php.net/userprefs.js) was modified to inject a malicious iframefrom http://lnkhere.reviewhdtv.co.uk/stat.htm.
That’s the supposed bad code: http://pastebin.com/raw.php?i=nAess4xL
It seems the PHP team fixed it already and requested Google to clear it. If anyone has more info, we would love to hear it.