Apache has confirmed it was hit using a compromised SSH key to access one of its servers, which forced the shutdown of its website and most apache.org services.
The attack forced Apache, which at the last count accounted for nearly 50 per cent of all web servers, to shut down all machines involved as a precautionary measure.
After an initial investigation, it decided the best course of action was to change the DNS for most of its apache.org services to a machine that wasn't affected.
Further investigation revealed that the European fallover and backup machine, aurora.apache.org, was not affected. Although some rogue files had been copied over, none had been executed.
This allowed Apache to restore its websites to the version present before accounts could have been compromised.
Most user facing websites and services are now available, although Apache stated that some machines remained offline.
"To the best of our knowledge, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines," said the Apache infrastructure team in a blog post.
It added: "While we have no evidence that downloads were affected, uses are always advised to check digital signatures when provided."
