apache.org was down this morning and reports are that one of their servers has been compromised due to an SSH key being exposed. The SSH key was used by an account to perform backups. No vulnerabilities in apache or ssh software was used in this attack. When the incident was identified apache cut access to all of their services as a containment measure. Their web sites are now back online. An overview of the incident can be read here:

http://blogs.apache.org/infra/entry/apache_org_downtime_initial_report

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.