The recent attacks on the SourceForge infrastructure showed us that malware developers, hackers and other criminals are taking new approaches to distributing their malware bytes. When I read the blog message from the SourceForge team about the recent attack, I was astonished at how huge the impact seems to be. Many services were taken down and a lot of OSS projects were affected.
However, the SourceForge guys did their job right in the first place. They did a systematic analysis of their infrastructure and, after that, took the exploited systems and services down. Now they are putting all their efforts into data validation and data restore. Respect! SourceForge.net, even if you got hacked, you do your job right: they have data integrity as their first priority, not availability (which could be very bad if malware is still around).
I don’t know if SourceForge.net will be able to determine whether malware has been injected, but this would be interesting to know. Even though SourceForge.net is a brilliant OSS platform provider, it should be the developers’ responsibility to back up their source code on a regular basis and, even if it might suck, do regular code reviews to prevent injection of malicious code.
Hopefully, those hackers will get what they deserve. It’s a real shame to do hacking on open source providers.
As user “onepw” wrote: “This was like setting fire to a church! Shame!” And I totally agree…