Squarespace

SourceForge servers recovering from Attack

By Mike Johnston January 31, 2011 News & Headlines  Comments

Advertisement

SourceForge.net has been recovering from an attack which they discovered on Wednesday of last week. The attack consisted of a root privilege escalation on one of their platforms which permitted exposure of credentials that were then used to access machines with externally-facing SSH.

As a result of the attack and to prevent further damage, the SourceForge team locked down some of the impacted hosts which in turn, resulted in service downtime for:

  • CVS Hosting
  • ViewVC
  • New Release upload capability
  • ProjectWeb/shell

As part of the recovery process, they have begun to to data validation as outlined below:

It’s better to be safe than sorry, so we’ve decided to perform a comprehensive validation of project data from file releases, to SCM commits. We will compare data agains pre-attack backups, and will identify changed and added. We will review that data, and will will also refer anything suspicious to individual project teams for further assessment as needed.

The validation work is a precaution, because while we don’t have evidence of any data tampering, we’d much prefer to burn a bunch of CPU cycles verifying everything than to discover later that some extra special trickery lead to some undetected badness

They are working hard to restore all services and a plan is in place to do so. As a result, you may have issues accessing files and / or project info for CMS projects that use their services.

A full report on the attacks and their plan of recovery can be found here: http://sourceforge.net/blog/sourceforge-attack-full-report/

Stay on top of the CMS world

Sign up to get CMS Critic's weekly newsletter filled with the latest CMS Reviews, News and Views.

Tags: exposure 1 SSH 1 data validation 1 root privilege 1 cms projects 1 sourceforge servers 1 service downtime 2 root 2 result 5 wcm 728 sourceforge 1 cms 857 validation 2

Mike Johnston

Mike Johnston Author

Mike is the Editor-in-Chief and Founder of CMS Critic, he is an entrepreneur, marketer, movie lover and tech geek. 

Stay on top of the CMS world

Sign up to get CMS Critic's weekly newsletter filled with the latest CMS Reviews, News and Views.