Incidents happen. What you do about them is critical. Not prone to sticking their heads in the sand, the Apache Software Foundation’s Infrastructure Team established a beacon in the disclosure darkness. With unmatched transparency, while discussing a late August breach at apachecon.com, the team indicated that “attackers fully compromised this machine, including gaining root privileges, and destroyed most of the logs, making it difficult for us to confirm the details of everything that happened on the machine.”
The report provides details on what happened, what worked, what didn’t work, and what changes they are making. Examples include:
- “The method by which most of our public facing websites are deployed to our production servers will also change, becoming a much more automated process. We hope to have switched over to a SvnSubPub / SvnWcSub based system within the next few weeks.”
- “We will re-implement measures such as IP banning after several failed logins, on all machines.”
See open disclosure and incident reporting at its finest at https://blogs.apache.org/infra/. Nicely done, Apache.