UPDATE: A post regarding this incident from apache.org is available at https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report
______________________________________________________________________________
As of this moment, Apache.org is reporting that SSH key associated with its US servers has been compromised and are shifting all traffic to their European mirror.
Details of the attack/compromise are few at the moment, as this is breaking news. It is worth remembering however that a compromised SSH key led to in-the-wild exploitation of Linux based systems exactly this time last year, for the purposes of installing rootkits. Keep your eye on how this story develops.
Apache servers account for around 50% of all web servers in the July 2009 web server survey.
Pingback: ShaunWright.co.uk » Blog Archive » Dare I say, Owned? Again.
Pingback: Apache.org Hacked Using Remote SSH Key | Darknet – The Darkside
Pingback: Apache Website Owned! | SecTechno
Pingback: Twitter Trackbacks for Apache SSH Key compromised » CounterMeasures [trendmicro.eu] on Topsy.com
oops… thats crazy they got apache im wondering if we will ever get details about the attack
also math spam protection is way lame see my post here
http://blog.cartercole.com/2009/08/why-textual-captchas-are-fail.html
it would be oh so easy to have my script pull and pares your <span class=”spamText”>Sum of 6 + 8 ?</span>
Thanks Carter, I agree about the math CAPTCHA, but honestly it cut my Spam trashing workload by at least three quarters, that’s enough time for at least two beers, and in my world, that’s a good thing :)
Thanks for reading the blog!
Rik