Interesting! It might actually have a big impact, given how much in use the page is. And the target audience of php.net is likely to be a good target for keylogger attacks (SSH/SFTP logins and the like to development and production machines). It's certainly getting worse than I expected at first. Given how low the AV detection rate is, it would be interesting in how much impact the plugin exploits have for the overall installation base.
Site is a little sluggish, here's a render — <a href="http://i.imgur.com/IjbsN8v.jpg" rel="nofollow">http://i.imgur.com/IjbsN8v.jpg</a>
I was expecting a detailed account of how the server was compromised, although this account of the drive-by malware operating details was interesting too.