---

SourceForge Outlines Nature of Shell Server Compromise

SourceForge has posted details on the compromise that led to
cracks of several sites, including php.net, apache.org, and
themes.org.

“This notice contains official details provided by the
SourceForge.net team. On Tuesday, 22 May, 2001, the security was
compromised on one of the SourceForge.net project shell servers.
Security and data integrity has since been restored and
SourceForge.net services are currently online and functioning
properly.

This compromise affected one of the SourceForge.net project
shell servers. SourceForge.net staff detected this intrusion and
promptly took the compromised system offline for further analysis.
At that time, notification was provided to end-users that shell
services had been taken offline pending completion of an unplanned
event.

SourceForge.net firmly supports the use of security-enhancing
tools and and proper security practices. All SourceForge.net site
users are provided with SSL-protected access to the SourceForge.net
site. All users of the project services SourceForge.net provides;
including shell services, CVS services, and compile farm services;
are required to use the SSH (Secure SHell)
cryptographically-enhanced communications suite in using these
services.”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis