Open Source Software

SourceForge Down After Attack [Updated]

Animats writes "SourceForge, a hosting site for many open source projects, is down today. Management claims they were attacked: 'We detected a direct targeted attack that resulted in an exploit of several SourceForge.net servers, and have proactively shut down a handful of developer centric services to safeguard data and protect the majority of our services.' Currently, CVS and SVN access to source code, even for reading, is unavailable, and there is no announced restoration time." (SourceForge and Slashdot are both part of Geeknet, Inc.) Update: 01/27 22:17 GMT by T : Mark Ramm of SourceForge contributes an update and some clarification: the site is up, and SVN is available, though CVS isn't. There's also a follow-up post on the site's blog.
  • Why (Score:3, Interesting)

    by Anrego ( 830717 ) * on Thursday January 27, 2011 @05:32PM (#35024602)

    What the hell did sourceforge ever do to anyone?

    I guess this could have been an attempt to spread some malware or something (by poisoning popular projects)?

    Off topic: how many people actually download directly from sourceforge any more? I have to imagine the majority of users (even before the mass ubuntu influx) get their stuff second hand through their favorite distro’s repository these days. I know I haven’t been there with any regularity since my ol' slackware days *tugs pants up past waist*.

  • Aw, crap. (Score:4, Interesting)

    by Nefarious Wheel ( 628136 ) on Thursday January 27, 2011 @05:34PM (#35024630) Journal
    This has to be a moneyed interest.

    Whoever you are, out there, you're not a clever geek, you're just an asshole.

  • Re:Qui bono? (Score:4, Interesting)

    by Securityemo ( 1407943 ) on Thursday January 27, 2011 @05:36PM (#35024672) Journal
    Because it's a high-profile site, and presumably staffed by people who know what they are doing? E.g., for the kicks?
  • by quanticle ( 843097 ) on Thursday January 27, 2011 @05:37PM (#35024702) Homepage

    Well, if you wanted to sneak malicious code into an open-source project, cracking its repository might be a good way to do so.

  • by Securityemo ( 1407943 ) on Thursday January 27, 2011 @05:51PM (#35024914) Journal
    Since they took down SFTP access, presumably someone got their hands on passwords/the password database.
  • possible explanation (Score:5, Interesting)

    by Anonymous Coward on Thursday January 27, 2011 @05:52PM (#35024938)

    http://www.exploit-db.com/papers/15823/

    You would think that the authors of Ettercap, one of the most popular
    whitehat pentesting tools, would know the basics of security.
    Apparently they don't, or they just don't give a shit about what
    happens to their users.

    So, why is their website so insecure? Ettercap's message board is
    hosted at Sourceforge, so they share a server with thousands of other
    customers. Every single customer is able to execute commands and
    access the other project directories. Pretty stupid, eh? You only need
    to find one hole in one hosted site and you can access ALL the project
    databases. Of course that isn't ALoR's fault, it's Sourceforge's
    fault. Regardless, people who care about security and data integrity
    wouldn't use such a shitty provider, would they?

  • by Anonymous Coward on Thursday January 27, 2011 @06:06PM (#35025124)

    This was posted on Full Disclosure 4 days ago. http://seclists.org/fulldisclosure/2011/Jan/424

    Seems they left the backdoor open even after being notified.
