An issue was reported to the Drupal.org infrastructure team that uncovered an installed rootkit on our pre-production (dev and staging) environment on April 19th. We stopped all services on these servers. The access was gained through an open VNC port on our OpenStack environment that allowed hijacking of an open console session. The attacker was attempting to create a distributed denial of service (DDoS) attack on targeted IPs.
There is no evidence that information was taken from our staging database or that user information was compromised.
Today, we are introducing a new ‘Community’ user role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org.
One of the Drupal Association's primary missions is to grow the adoption of Drupal. We are about to launch a new program on April 15th called Try Drupal. The program will make it easy and fast for evaluators to try Drupal and have a simple, great experience while on Drupal.org.