apache.org被黑了

这个消息大家前两天应该也知道了，细节可以看下，黑客是如何在没有root权限的情况下从一个服务器跳到另外的服务器的。apache.org号称黑客没有跳出环境，代码也没有受到影响，但我表示怀疑，apache.org用的fbsd7-stable的内核，但milw0rm上有个bsd-ktimer.c （http://www.milw0rm.com/exploits/8261） ，还不知道这exp好用不，说不定黑客故意deface，然后让apache的人以为仅仅是deface。其实已经root了。不过话说apache.org的好些早都被国外某黑客组织给root了，并在apache代码里留下了逻辑后门，也不差这一次了，反正大家该用还是继续用。

创新互联建站坚持“要么做到，要么别承诺”的工作理念，服务领域包括：成都做网站、网站建设、企业官网、英文网站、手机端网站、网站推广等服务，满足客户于互联网时代的巨野网站设计、移动媒体设计的需求，帮助企业找到有效的互联网解决方案。努力成为您成熟可靠的网络建设合作伙伴！

Netcraft is reporting that apache.org has been compromised. The apache blog posted the following message indicating an SSH key compromise.

“This is a short overview of what happened on Friday August 28 2009 to the apache.org services. A more detailed post will come at a later time after we complete the audit of all machines involved.

On August 27th, starting at about 18:00 UTC an account used for automated backups for the ApacheCon website hosted on a 3rd party hosting provider was used to upload files to minotaur.apache.org. The account was accessed using SSH key authentication from this host.

To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.

While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided.

minotaur.apache.org runs FreeBSD 7-STABLE and is more widely known as people.apache.org. Minotaur serves as the seed host for most apache.org websites, in addition to providing shell accounts for all Apache committers.

The attackers created several files in the directory containing files for （www.apache.org）, including several CGI scripts. These files were then rsynced to our production webservers by automated processes. At about 07:00 on August 28 2009 the attackers accessed these CGI scripts over HTTP, which spawned processes on our production web services.

At about 07:45 UTC we noticed these rogue processes on eos.apache.org, the Solaris 10 machine that normally serves our websites.

Within the next 10 minutes we decided to shutdown all machines involved as a precaution.

After an initial investigation we changed DNS for most apache.org services to eris.apache.org, a machine not affected and provided a basic downtime message.

After investigation, we determined that our European fallover and backup machine, aurora.apache.org, was not affected. While the some files had been copied to the machine by automated rsync processes, none of them were executed on the host, and we restored from a ZFS snapshot to a version of all our websites before any accounts were compromised.

At this time several machines remain offline, but most user facing websites and services are now available.

We will provide more information as we can.”

Netcraft: （http://news.netcraft.com/archives/2009/08/28/apacheorg_compromised.html）

Apache Blog: （http://blogs.apache.org/infra/）

ZDNET: （http://blogs.zdnet.com/security/?p=4147）

TheRegister: （http://www.theregister.co.uk/2009/08/28/apache_hack/）

网页题目：apache.org被黑了
当前网址：http://www.shufengxianlan.com/qtweb/news27/295627.html

网站建设、网络推广公司-创新互联，是专注品牌与效果的网站制作，网络营销seo公司；服务项目有等

广告

声明：本网站发布的内容（图片、视频和文字）以用户投稿、用户转载内容为主，如果涉及侵权请尽快告知，我们将会在第一时间删除。文章观点不代表本网站立场，如需处理请联系客服。电话：028-86922220；邮箱：631063699@qq.com。内容未经允许不得转载，或转载时需注明来源： 创新互联