The web site of open source organisation The Apache Group was taken down on Friday after being hacked.
According to the group, nearly half of all of web servers worldwide run Apache.
Hackers compromised the SSH key for one of its servers, used to host the ApacheCon site, in an attack that left it wide open to Trojans. The site went offline for several hours before traffic was switched to European servers rather than those in the US.
The attack appears to have come from an account used to back up Apache’s servers automatically to an external hosting service, though the group has no idea who was responsible. In a statement, Apache said it had no idea whether any code on the site was modified or not.
“To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines,” it added. “While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided.”