SourceForge servers recovering from Attack

SourceForge.net has been recovering from an attack which they discovered on Wednesday of last week. The attack consisted of a root privilege escalation on one of their platforms which permitted exposure of credentials that were then used to access machines with externally-facing SSH.

As a result of the attack and to prevent further damage, the SourceForge team locked down some of the impacted hosts which in turn, resulted in service downtime for:

• CVS Hosting
• ViewVC
• New Release upload capability
• ProjectWeb/shell

As part of the recovery process, they have begun to to data validation as outlined below:

It’s better to be safe than sorry, so we’ve decided to perform a comprehensive validation of project data from file releases, to SCM commits. We will compare data agains pre-attack backups, and will identify changed and added. We will review that data, and will will also refer anything suspicious to individual project teams for further assessment as needed.

The validation work is a precaution, because while we don’t have evidence of any data tampering, we’d much prefer to burn a bunch of CPU cycles verifying everything than to discover later that some extra special trickery lead to some undetected badness

They are working hard to restore all services and a plan is in place to do so. As a result, you may have issues accessing files and / or project info for CMS projects that use their services.

A full report on the attacks and their plan of recovery can be found here: http://sourceforge.net/blog/sourceforge-attack-full-report/