The Apache Project's Infrastructure Team was forced to take its primary servers offline yesterday, after discovering that unknown hackers uploaded and executed malicious code on them. The attackers apparently used a stolen SSH authentication key associated with a backup account to break in.

The attack started during the evening of August 27 and targeted the minotaur.apache.org aka people.apache.org server. According to the Apache team, this is the "seed host for most apache.org websites" and also hosts accounts for all developers.

The perpetrators logged in to the server running FreeBSD 7-STABLE using the SSH key corresponding to an account employed to perform automatic backups for the ApacheCon website. Fortunately, they did not succeed in escalating the account's privileges on the server.

Using the compromised account's access to the directory housing the www.apache.org website, the attackers proceeded to uploading several CGI scripts and other files. These rogue files were then copied by automatic sync processes to most of the project's webservers....

Read the original here:
Apache.org Compromised by Hackers

>