Original URL: http://www.theregister.co.uk/2009/08/28/apache_hack/
Hackers scalp Apache
SSH hits the fan
The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.
SSH is a widely used technology for remote administration, so in the worst scenario the compromise created a means for hackers to upload Trojanised code onto the download section of Apache's website. Around 50 per cent of webservers run Apache, according to the latest stats from Netcraft, so any problem would be extremely widely felt.
It's unclear at present whether any code on the Apache website was actually modified. Nor do we know how the attack was carried out or who was behind it.
Apache's web site was restored after DNS records were changed so that servers based in Europe rather than at the main US site were carrying the load.
Rik Ferguson, a security researcher at Trend Micro, notes that the same type of compromised SSH key problem led to attacks that attempted to install rootkits on Linux based systems in August 2008.
Reg reader Jack C told us on Thursday that http://httpd.apache.org/ was giving a directory listing where the index page should be. We saw this but didn't think much of it at the time. Friday's SSH glitch potentially casts this incident in a new light.