Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: ProFTPD distribution servers compromised SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ProFTPD distribution servers compromised

 It was announced that the source for ProFTPD was compromised and a back door was inserted.  The attacker compromised the main ftp.proftpd.org site on November 28, 2010.  This site is also the main rsync server, which means that anybody who has downloaded ProFTPD between then and December 1, 2010 is potentially running a version with the backdoor code.  According to reports, this compromise was performed against an unpatched vulnerability within ProFTPD itself, so even if you did not install the backdoored version, you may be running vulnerable software.

 

More information is available at here

Kevin Johnson

Secure Ideas

Kevin

6 Posts
Dec 2nd 2010
Cool guys, I like your quick response!

purdy@tecman.com
Anonymous
I just elevated our Daily Threat Report to Yellow because of this. The world will soon understand that not only was the proFTPD site hacked, but all their mirrors were hacked, and probably most of the files they have dished out have been hacked...

I just hope this was a hacker and not a cracker.

purdy@tecman.com
please hack my site ;)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!