The Apache Foundation shut down several servers last Friday when administrators discovered rogue processes running on one of their machines that serves websites. Investigation revealed that a compromised SSH key on a third-party hosting provider allowed attackers to access an account. From there, they were able to create files on an Apache Foundation server, and these files were then propagated to the web servers by automated processes.
A briefing on apache.org gives an overview of the method of attack and the steps administrators took to remove the malicious processes.

The page includes the following statements:
“To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.
While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided.”
The Apache admins were able to restore their web servers from backup and bring the site back online. They report that some servers remain offline for further investigation, but that most site functionality has been restored.
The Apache Foundation deserves some applause for being open about the attack and the steps they took to combat it.
One take-away from this incident: protect your private keys.