Gentoo said the method used to gain access ot its server is still under investigation, but promised to release details once they are available. “At this point, we are still performing forensic analysis,” Gentoo’s Kurt Lieber told users in an email. “However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened … The attacker appears to have installed a rootkit and modified/deleted some files to cover their tracks, but left the server otherwise untouched.”
On Nov. 21 the Debian project said four of its servers had been compromised. After verifying its archives, project managers expressed confidence that no code had been altered.
Back in August, an FTP server used by the Free Software Foundation to distribute open source code was found to have been compromised for at least four months. The incident also involved a local user, who cracked the box using a ptrace exploit immediately after the exploit was posted.
Netcraft offers a range of advanced security services, including The Netcraft Network Examination, an automated vulnerability test of Internet-connected networks which checks for new security vulnerabilities and configuration errors caused by system and network maintenance.