nanog mailing list archives

Re: Apache.ORG Website


From: Marc Slemko <marcs () znep com>
Date: Thu, 4 May 2000 09:49:39 -0600 (MDT)


On Thu, 4 May 2000, Ian Gulliver wrote:


> The Apache.ORG website was cracked and defaced by an unknown cracker, and
> that seems to be the reason that the site was taken down.  Below is the
> system information from defaced:

No, you are responding to an old message.  It was simply down at the time.  
And it is simply down now, AFAIK.  Nothing to do with Apache, simply due
to the fact that it isn't operated by an organization with the
infrastructure in place for robust 24x7 operations.

> Operating System: FreeBSD 2.2.1 - 3.2
> Web Server: Apache/1.3.9 (Unix) ApacheJServ/1.1 PHP/3.0.12 AuthMySQL/2.20
>
> This is certainly a cause of concern for me, I don't know about you.

Yesterday, the system that hosts www.apache.org, among other things, was
broken into.  This compromise did _NOT_ involve any security holes in any
software running on this system, including the Apache HTTP server.  It was
entirely due to configuration errors.

We are in contact with the people who did this and are working to ensure
the system is secure.  We are confident that the material hosted on this
server is safe, but are continuing our investigations and reviewing
various policies.  Further information will be available in the near
future.

As always, if you are concerned about the authenticity of source code
being downloaded, you should use some means to verify it.  In this case,
use the PGP signatures on the Apache distribution.



---------------------------------------------------

[...silly long sig removed...]

-- 
     Marc Slemko     | Apache Software Foundation member
     marcs () znep com  | marc () apache org



