Article

SSH key compromise shuts down Apache website

SearchSecurity.com Staff

The Apache website was taken offline for several hours after attackers used a SSH key to access one of its servers.

Apache shut down all its machines as a precaution and switched over to an unaffected European mirror server. On its blog, the

    Requires Free Membership to View

Apache Infrastructure TeamApache said it did not believe any end-users or downloads of enormously popular Web server software were affected. The blog also said that the attackers failed to escalate privileges.

Apache stressed that the attack was the result of the compromised SSH key, not an exploit of Apache software. It said it was conducting an audit of all affected machines.

On Thursday, the key was used to access an account used for automated backups for the ApacheCon website. The attackers created several files, including CGI scripts which they used to launch rogue processes this morning on Apache's production Web services.

There was no information on how the attackers were able to get the SSH key. In 2001, an attacker was able to compromise SSH on SourceForge and tunnel to the Apache site when an Apache developer logged into his SourceForge account.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: