Apache.org Compromised by Hackers

Rogue scripts uploaded and executed on the primary servers

By Lucian Constantin, Web News Editor

29th of August 2009, 08:01 GMT

The Apache Project's Infrastructure Team was forced to take its primary servers offline yesterday, after discovering that unknown hackers uploaded and executed malicious code on them. The attackers apparently used a stolen SSH authentication key associated with a backup account to break in.

The attack started during the evening of August 27 and targeted the minotaur.apache.org aka people.apache.org server. According to the Apache team, this is the "seed host for most apache.org websites" and also hosts accounts for all developers.

The perpetrators logged in to the server running FreeBSD 7-STABLE using the SSH key corresponding to an account employed to perform automatic backups for the ApacheCon website. Fortunately, they did not succeed in escalating the account's privileges on the server.

Using the compromised account's access to the directory housing the www.apache.org website, the attackers proceeded to upload several CGI scripts and other files. These rogue files were then copied by automatic sync processes to most of the project's web servers.

The Apache Infrastructure Team notes that, during the morning of August 28, the CGI scripts were executed remotely via HTTP, resulting in unauthorized processes being created on eos.apache.org, which alerted the admins. "Within the next 10 minutes we decided to shutdown all machines involved as a precaution," the team notes.

A preliminary investigation revealed that one server, eris.apache.org, was completely unaffected, so it was used to convey a downtime alert for most apache.org services. The administrators later changed all websites to point to aurora.apache.org, the project's European backup mirror, which had the rogue files copied to it but not executed, and was easier to clean.

Several servers are still offline, but most public services are available again, the Apache team announces. The investigation is ongoing and, while there is as yet no reason to believe that Apache-related downloads have been affected, users are advised to use the available digital signatures to check the authenticity and integrity of the files.
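The rogue files reached most web servers because automatic sync copied whatever appeared in the seed directory. The sketch below is an added example, not code from the Apache team or the original article: it audits a web root against a trusted hash manifest before a sync would run. The function names, the suffix list and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed policy for this sketch: suffixes a web server might run as scripts.
SCRIPT_SUFFIXES = {".cgi", ".pl", ".py", ".sh", ".php"}

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def audit_tree(root: Path, manifest: dict) -> dict:
    """Compare the tree with a trusted manifest; any finding should block the sync."""
    current = build_manifest(root)
    added = sorted(set(current) - set(manifest))
    return {
        "added": added,
        "removed": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in current.keys() & manifest.keys()
                           if current[k] != manifest[k]),
        # New files that are executable or look like scripts get the loudest alert.
        "runnable_added": [rel for rel in added
                           if os.access(root / rel, os.X_OK)
                           or Path(rel).suffix.lower() in SCRIPT_SUFFIXES],
    }

def demo() -> dict:
    """Constructed tree: take a baseline, then simulate unauthorized writes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>welcome</h1>")
        (root / "dist.html").write_text("<p>downloads</p>")
        manifest = build_manifest(root)  # in practice kept off-host, read-only
        (root / "cgi-bin").mkdir()
        (root / "cgi-bin" / "status.cgi").write_text("#!/bin/sh\necho placeholder\n")
        (root / "index.html").write_text("<h1>changed</h1>")
        return audit_tree(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest only helps if the account that can write to the web root cannot also rewrite the manifest, so it belongs on a separate host or under a different owner.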

© Copyright 2001-2009 Softpedia