Linux Today: Linux News On Internet Time.

ApacheToday: Apache Software Foundation Server compromised, resecured.

May 31, 2001, 12:33 (11 Talkback[s])

[ Thanks to Herminio and Scott Courtney for this link. ]

The recent compromise of SourceForge servers had farther-reaching impact than on the users of that service alone. This report from Brian Behlendorf of the Apache project explains a crack one of the project's public servers underwent involving an ssh client compromised to log outgoing names and passwords. A rather extensive audit and verification process remains underway.

"Earlier this month, a public server of the Apache Software Foundation (ASF) was illegally accessed by unknown crackers. The intrusion into this server, which handles the public mail lists, web services, and the source code repositories of all ASF projects was quickly discovered, and the server immediately taken offline. Security specialists and administrators determined the extent of the intrusion, repaired the damage, and brought the server back into public service. The public server that was affected by the incident serves as a source code repository as well as the main distribution server for binary release of ASF software. There is no evidence that any source or binary code was affected by the intrusion, and the integrity of all binary versions of ASF software has been explicitly verified. This includes the industry-leading Apache web server."

Complete Story

Related Stories: