Monday July 28th 2014

Apache.org hacked


Yesterday the official website for the Apache Software Foundation (of Apache web server fame) was offline for several hours.

When it came back online, it briefly showed this message:

apache.org hacked


The site looks normal now.

Why is this important? Because the Apache web server software is distributed from apache.org, and roughly one half of all the web servers on the planet run on Apache!

This is a good reason to NOT leave SSH keys to your servers lying around and to properly practice separation of security concerns. A backup machine shouldn’t EVER have the necessary privileges to push live code to production!
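One way to check for the problem described above, as an added example that is not part of the original post: a Python audit of an `authorized_keys` file that flags keys with no forced command, no source-host pinning, or no `restrict`. The policy, the sample entries, key blobs and host names are constructed assumptions; `command=`, `from=`, `restrict` and the `no-*` flags are standard OpenSSH authorized_keys options.

```python
import re

# Key-type tokens that mark the start of the key when no options precede it.
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+@openssh\.com)$")
QUOTED = r'"(?:\\.|[^"\\])*"'
# Options field: a run of non-space characters and quoted strings, then whitespace.
OPTIONS = re.compile(r'((?:[^\s"]|%s)+)\s+(.*)$' % QUOTED)
NO_FLAGS = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

SAMPLE = '''\
# constructed sample: authorized_keys of a production deploy account
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONE backup@old-backuphost
restrict,from="192.0.2.10",command="/usr/local/bin/pull-only" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLETWO backup@backuphost
command="echo a, b",no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE ci@build
'''

def parse_line(line):
    """Return (set of lower-cased option names, key comment) for one entry."""
    options = ""
    if not KEY_TYPE.match(line.split()[0]):
        m = OPTIONS.match(line)
        if m is None:
            raise ValueError("unparseable authorized_keys entry")
        options, line = m.group(1), m.group(2)
    bare = re.sub(QUOTED, '""', options)        # hide commas inside quoted values
    names = {o.split("=")[0].lower() for o in bare.split(",") if o}
    fields = line.split(None, 2)                # key type, base64 blob, comment
    return names, fields[2] if len(fields) > 2 else "(no comment)"

def audit(text):
    """Return [(line number, key comment, missing restrictions)] for weak keys."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names, comment = parse_line(line)
        missing = [o for o in ("command", "from") if o not in names]
        if "restrict" not in names and not NO_FLAGS <= names:
            missing.append("restrict")
        if missing:
            findings.append((lineno, comment, missing))
    return findings

if __name__ == "__main__":
    for lineno, comment, missing in audit(SAMPLE):
        print(f"line {lineno}: {comment} lacks {', '.join(missing)}")
```

A key that passes all three checks can only run its forced command from the pinned host, so a stolen backup key cannot be used to open a shell or push code.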

The fact that this was caught by luck (i.e., the attackers didn’t install a rootkit that hid all activities from observation, and someone happened to be observing) is even more frightening given the reliance on Apache code across the internet.

More info now at blogs.apache.org.

Reader Feedback

One Response to “Apache.org hacked”

  1. dog says:

    This really is first rate. I’m going to email this to a couple of friends if that’s fine.
