A TREND MICRO BLOG

Aug 28

Apache SSH Key compromised

Rik Ferguson

Filed under: Site Compromise | RSS 2.0 | TB | Tags: , , | 6 Comments

UPDATE: A post regarding this incident from apache.org is available at https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report

______________________________________________________________________________ 

As of this moment, Apache.org is reporting that SSH key associated with its US servers has been compromised and are shifting all traffic to their European mirror.

28-08-2009 12-10-13

 

Details of the attack/compromise are few at the moment, as this is breaking news. It is worth remembering however that a compromised SSH key led to in-the-wild exploitation of Linux based systems exactly this time last year, for the purposes of installing rootkits. Keep your eye on how this story develops.

 

Apache servers account for around 50% of all web servers in the July 2009 web server survey.


Bookmark
| More

This entry was posted on Friday, 28. August 2009 and is filed under "Site Compromise". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

6 Comments

  1. Friday, 28. August 2009 um 5:08 pm

    oops… thats crazy they got apache im wondering if we will ever get details about the attack

    also math spam protection is way lame see my post here
    http://blog.cartercole.com/2009/08/why-textual-captchas-are-fail.html

    it would be oh so easy to have my script pull and pares your <span class=”spamText”>Sum of 6 + 8 ?</span>

  2. Saturday, 29. August 2009 um 3:12 pm

    [...] Apache SSH Key compromised » CounterMeasures countermeasures.trendmicro.eu/apache-ssh-key-compromised – view page – cached A Trend Micro Blog. Rik Ferguson and others blog about security related issues — From the page [...]

  3. Monday, 31. August 2009 um 3:19 pm

    [...] you can find the screenshot posted by Trendmicro Blog,the identity and reason of this attack still not discovered yet but sharing the information of this [...]

  4. Monday, 31. August 2009 um 11:37 pm

    Thanks Carter, I agree about the math CAPTCHA, but honestly it cut my Spam trashing workload by at least three quarters, that’s enough time for at least two beers, and in my world, that’s a good thing :)

    Thanks for reading the blog!
    Rik

  5. Wednesday, 2. September 2009 um 8:19 am

    [...] on the incident, since removed, have been preserved for posterity in a blog posting by Trend Micro here and F-Secure here. [...]

  6. Sunday, 13. September 2009 um 3:26 pm

    [...] on the incident, since removed, have been preserved for posterity in a blog posting by Trend Micro here and F-Secure here. [...]

Leave a comment

XHTML allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam protection

© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice. Disclaimer