Apache.org hit by SSH key compromise

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of server hack caused by a compromised SSH key.

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of server hack caused by a compromised SSH key.

A brief message posted on the site (see image below) made it clear the compromise was "not due to any software exploits in Apache itself", but was actually caused by a compromised SSH key.

The group did not say which Apache software servers were affectedUPDATE: An initial report from Apache is now available.

* Screenshot via The H Security. More at Threatpost.com.