Apache site hacked via SSH keys

Summary:The Apache.org website suffered an intrusion over the weekend that resulted in the site being taken down.

The Apache.org website suffered an intrusion over the weekend that resulted in the site being taken down.

The attack came via a third-party that was hosting the provider's servers used for hosting the ApacheCon site, according to a blog post by the Apache infrastructure team.

From that server the intruders were able to gain access to a backup server, on which they were able to create CGI scripts that were then automatically rsynced out to Apache's production web servers. Once on the production servers, the scripts were executed, spawning rogue processes which drew the infrastructure team's attention.

To the best of the team's knowledge, there has been no evidence that any downloads were affected and the intruders were unable to escalate their privileges.

Apache Software Foundation member, J Aaron Farr, said on reddit that the ApacheCon server would be rebuilt from scratch and that the team was still looking into how it was compromised.

There's no need to run to the hills screaming and yelling in fear that the next iteration of Apache's web server could have "bad stuff" in it. This is an instance of defacing which only affected the Apache.org website itself. Farr said that Apache's svn servers were fine so the code is clean.

This is a good lesson on the potential downside of using SSH keys, which enable password-less log-ins for you, your scripts and anyone else that can get into your account.

While I am far from knowledgeable on Apache's infrastructure, it does seem a little concerning that the compromised backup server was the same server used to seed the production web servers.

Apache has said that it will come out with a full explanation once it has the whole story, where I hope it will announce the separation of the backup and seeding functions of the compromised backup server.

Topics: Security, Enterprise Software, Servers, Storage


Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.