SSH key compromise shuts down Apache website

Attackers forced Apache to shut down its website for several hours Friday morning, using a compromised SSH key to gain access to one of its servers.

The Apache website was taken offline for several hours after attackers used a SSH key to access one of its servers.

Apache shut down all its machines as a precaution and switched over to an unaffected European mirror server. On its blog, the Apache Infrastructure TeamApache said it did not believe any end-users or downloads of enormously popular Web server software were affected. The blog also said that the attackers failed to escalate privileges.

Apache stressed that the attack was the result of the compromised SSH key, not an exploit of Apache software. It said it was conducting an audit of all affected machines.

On Thursday, the key was used to access an account used for automated backups for the ApacheCon website. The attackers created several files, including CGI scripts which they used to launch rogue processes this morning on Apache's production Web services.

There was no information on how the attackers were able to get the SSH key. In 2001, an attacker was able to compromise SSH on SourceForge and tunnel to the Apache site when an Apache developer logged into his SourceForge account.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close