Apache Website Owned!
Apache Software Foundation website was down last Friday after hackers compromised SSH key to one of their main servers.
Secure Shell is a very popular technology that can provides a secure servers remote administration, well if the hackers manage to upload a rootkit or Trojan over the download package of apache website, this can cause a great damage to a huge number of website especially that according to the latest stats from Netcraft more than half of all web servers widely are running Apache.
On Friday Apache Software foundation has made an official note as follows:
On August 27th, starting at about 18:00 UTC an account used for automated backups for the ApacheCon website hosted on a 3rd party hosting provider was used to upload files to minotaur.apache.org. The account was accessed using SSH key authentication from this host.
To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.
While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided.
Here you can find the screenshot posted by Trendmicro Blog,the identity and reason of this attack still not discovered yet but sharing the information of this incident is very good point and can help to build a solid trust in The Apache Software Foundation.
make sure you subscribe to my RSS feed!