Hackers Penetrate Apache Project Server Using SSH Vulnerability

The website of Apache Project went offline for several hours last weekend after some anonymous hackers reportedly uploaded and executed malicious codes on the website’s servers.

The hackers seemingly employed a stolen SSH authentication key linked with a backup account to compromise one of the website’s servers, forcing the Apache Project’s Infrastructure team to take the servers offline for hours.

The attack kicked off on Friday evening last week and aimed at the minotaur.apache.org, also referred to as people.apache.org server, which is the “seed host for most apache.org websites” and further hosts the accounts for its entire developer community, according to Apache team.

Hackers broke into the server running Free-BSD 7-Stable using the SSH key associated with a backup account. However, they didn’t manage to escalate the account’s privileges on the compromised server.

As of now, it’s not clear whether any code on the website of Apache was actually altered, and how the attack was performed or who was behind it.

However, the issue with the website was fixed after DNS records were modified so that its Europe-based servers instead of main site in the US were carrying the entire load.

The infrastructure team of the website said: “At this time several machines remain offline, but most user facing websites and services are now available”.