Sourceforge Attack: Full Report
Feb 01, 2011, 15:32 (0 Talkback[s])
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"As we've previously announced, SourceForge.net has been the
target of a directed attack. We have completed the first round of
analysis, and have a much more solid picture of what happened, the
extent of the impact, our plan to reduce future risk of attack.
We're still working hard on fixing things, but we wanted to share
what we know with the community.
"We discovered the attack on Wednesday, and have been working
hard to get things back in order since then. While several boxes
were compromised we believe we caught things before the attack
escalated beyond its first stages.
"Our early assessment of which services and hosts were impacted,
and the choice to disable CVS, ishell, file uploads, and project
web updates appears to have prevented any further escalation of the
attack or any data corruption activities."