Apache state that downloads were not affected, but have advised that users should always check the digital signatures on downloads from their site.

Apache.org suffered a server compromise after an SSH key was exposed in 2001.

A current performance graph for www.apache.org can be seen here.