The Apache.ORG website was cracked and defaced by an unknown cracker, and that seems to be the reason that the site was taken down. Below is the system information from defaced: Operating System: FreeBSD 2.2.1 - 3.2 Web Server: Apache/1.3.9 (Unix) ApacheJServ/1.1 PHP/3.0.12 AuthMySQL/2.20 This is certainly a cause of concern for me, I don't know about you. --------------------------------------------------- a8888b. Ian Gulliver d888888b. Co-Owner, Systems Administrator 8P"YP"Y88 Penguin Hosting 8|o||o|88 60 Schillings Crossing 8' .88 Canaan, NY 12029 8`._.' Y8. ian@penguinhosting.net d/ `8b. Work: 518-781-0084 .dP . Y8b. Pager: 518-671-0369 d8:' " `::88b. d8" `Y88b :8P ' :888 8a. : _a88P Linux ._/"Yaa_ : .| 88P| ------------- \ YP" `| 8P ` The Choice of / \._____.d| .' the GNU Generation `--..__)888888P`._.' ----------------------
On Thu, 4 May 2000, Ian Gulliver wrote:
The Apache.ORG website was cracked and defaced by an unknown cracker, and that seems to be the reason that the site was taken down. Below is the system information from defaced:
No, you are responding to an old message. It was simply down at the time. And it is simply down now, AFAIK. Nothing to do with Apache, simply due to the fact that it isn't operated by an organization with the infrastructure in place for robust 24x7 operations.
Operating System: FreeBSD 2.2.1 - 3.2 Web Server: Apache/1.3.9 (Unix) ApacheJServ/1.1 PHP/3.0.12 AuthMySQL/2.20
This is certainly a cause of concern for me, I don't know about you.
Yesterday, the system that hosts www.apache.org, among other things, was broken into. This compromise did _NOT_ involve any security holes in any software running on this system, including the Apache HTTP server. It was entirely due to configuration errors. We are in contact with the people who did this and are working to ensure the system is secure. We are confident that the material hosted on this server is safe, but are continuing our investigations and reviewing various policies. Further information will be available in the near future. As always, if you are concerned about the authenticity of source code being downloaded, you should use some means to verify it. In this case, use the PGP signatures on the Apache distribution.
---------------------------------------------------
[...silly long sig removed...] -- Marc Slemko | Apache Software Foundation member marcs@znep.com | marc@apache.org
participants (2)
-
Ian Gulliver
-
Marc Slemko