The Apache Foundation shut down its Web servers early Friday morning after detecting attack code running on the computers, the organization stated in an advisory.

The attack, which started late Thursday night, apparently came from an account used to backup the group's servers automatically to an external hosting service. Using the proper SSH key authentication for the host, the attackers accessed people.apache.org, which acts as a "seed host" for Apache.org's Web sites. The attackers placed script files on the host, which were then synchronized to the Web server, Apache's infrastructure team stated.

The team noticed the attack early Friday morning when it detected the rogue processes spawned by the scripts.

"To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines," Apache's infrastructure team said in the statement. "While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided."

Open-source software is a popular target for online attackers. In February, the group that maintains the open-source forum software phpBB acknowledged that an attacker was able to get access to their servers. In 2001, a hacker who used the name Fluffy Bunny compromised Apache's Web site.

Apache current powers approximately 47 percent of all Web sites, according to the latest Netcraft survey.


If you have tips or insights on this topic, please contact SecurityFocus.