| Monday May 30th 2016

Apache.org hacked

Yesterday the official website for the Apache Software Foundation (of the Apache web server fame) was offline for several hours.

When it came back online, it briefly showed this message:

apache.org hacked

The site looks normal now.

Why is this important? Because the Apache web server software is distributed from apache.org, and roughly one half of all the web servers on the planet run on Apache!

This a good reason to NOT leave SSH keys to your servers lying around and to properly practice separation of security concerns. A backup machine shouldn’t EVER have the necessary privileges to push live code to production!

The fact that this was caught by luck (i.e., the attackers didn’t install a rootkit that hid all activities from observation, and someone happened to be observing) is even more frightening given the reliance on Apache code across the internet.

More info now at blogs.apache.org.

Related Posts: On this day...

Reader Feedback

One Response to “Apache.org hacked”

  1. dog says:

    This really is first rate. I’m going to e mail this to a couple of friends if that’s fine.

Leave a Reply

You must be logged in to post a comment.