The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.

SSH is a widely used technology for remote administration, so in the worst scenario the compromise created a means for hackers to upload Trojanised code onto the download section of Apache's website. Around 50 per cent of webservers run Apache, according to the latest stats from Netcraft, so any problem would be extremely widely felt.

Apache's web site was restored after DNS records were changed so that servers based in Europe rather than at the main US site were carrying the load.

Rik Ferguson, a security researcher at Trend Micro, notes that the same type of compromised SSH key problem led to attacks that attempted to install rootkits on Linux based systems in August 2008.

Screenshots of Apache's statement on the incident, since removed, have been preserved for posterity in a blog posting by Trend Micro here and F-Secure here. ®

Bootnote

Reg reader Jack C told us on Thursday that http://httpd.apache.org/ was giving a directory listing where the index page should be. We saw this but didn't think much of it at the time. Friday's SSH glitch potentially casts this incident in a new light.

Related stories

• Breaching Fort Apache.org - What went wrong? (3 September 2009)
• Security elite pwned on Black Hat eve (29 July 2009)
• OpenSSH chink bares encrypted data packets (19 May 2009)
• Brutish SSH attacks continue to bear fruit (17 April 2009)
• Brute force SSH attack confounds defenders (8 December 2008)
• SSH sniffer attack poses minor risk (18 November 2008)
• CERT: Linux servers under 'Phalanx' attack (27 August 2008)