Jan 29, 2011

SourceForge Site Compromised By Attackers

เมื่อวันพุธที่ผ่านมา SourceForge เจ้าพ่อ Open Source Project ได้ถูกโจมตีและขณะนี้กำลังมีความพยายามที่จะสืบหาสาเหตุและผลกระทบอยู่ครับ โดยได้มีการไปเปลี่ยนแปลงค่าต่างๆรวมถึง CVS System ด้วย

The recent rash of attacks against free and open source software projects continued this week with an attack that targeted SourceForge, the popular repository for open source projects. The attack compromised a number of separate systems, including the site's CVS system.
The administrators at SourceForge detected the intrusion on Wednesday and during the investigation, they discovered that the attackers had succeeded in gaining access to several machines. After the attack was discovered, they quickly took a number of services offline, including the CVS system, Web-based code browsing, file upload capability and interactive shell services.
"Our immediate priorities are to prevent further exposure and ensure data integrity.  We have all hands on deck working on identifying the exploit vector or vectors, eliminating them, and restoring the impacted services," the SourceForge staff wrote in a blog post on the attack.

"The problem was initially discovered on the servers that host CVS but our analysis indicates that several other machines were involved, and while we believe we’ve determined the extent of the attack, we are verifying all of our other services and data."
On Thursday, SourceForge staffers said that they still were in the process of trying to determine the full extent of the attack and that several service were offline still.
"CVS, ViewVC, file release uploads, and interactive shell services are still disabled while we do the work to make sure our servers and services are hardened against future attacks like this," the staff said.
SourceForge is a resource site that enables developers to store projects under development and also serves as a download site for users.
The attack against SourceForge is the latest in what's become a string of such incidents affecting free and open-source software projects. Earlier this week officials at the Fedora Project disclosed an attack against the project's infrastructure. That incident was relatively minor, in that it resulted from the compromise of one user's account credentials and the attacker didn't make any changes to the Fedora packages.
In December attackers were able to compromise the main server used to distribute the ProFTPD software and insert a backdoor into the software code. The backdoored version of the software was mirrored to all of the other sites that distribute the software and the compromised version was available for download for several days before the intrusion was discovered.

Source: http://threatpost.com/en_us/blogs/sourceforge-site-compromised-attackers-012811

No comments: