The Apache website was taken offline for several hours after attackers used a SSH key to access one of its ser...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Apache shut down all its machines as a precaution and switched over to an unaffected European mirror server. On its blog, the Apache Infrastructure TeamApache said it did not believe any end-users or downloads of enormously popular Web server software were affected. The blog also said that the attackers failed to escalate privileges.
Apache stressed that the attack was the result of the compromised SSH key, not an exploit of Apache software. It said it was conducting an audit of all affected machines.
On Thursday, the key was used to access an account used for automated backups for the ApacheCon website. The attackers created several files, including CGI scripts which they used to launch rogue processes this morning on Apache's production Web services.
There was no information on how the attackers were able to get the SSH key. In 2001, an attacker was able to compromise SSH on SourceForge and tunnel to the Apache site when an Apache developer logged into his SourceForge account.
Dig Deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)