Thursday 2 December 2010

ProFTP; site compromised, and code backdoored

Rather interesting news from ProFTP this morning. It sounds like a 0-day vulnerability was found in their software recently.



Attackers then proceeded to attack ProFTP's own FTP servers using the 0-day exploit. The attackers then altered ProFTP's source code to insert a backdoor.

More detail here.

Some users have downloaded the compromised software from ProFTP's site. Very nasty.

I always use vsftpd, and I would highly recommend it, as it has been designed specifically with security in mind. If you are hosting important files on an FTP site, then you need to make sure it is secure, and that nobody can either compromise the server or tamper with the files on the server.

Maybe ProFTP should use vsftp for their FTP servers ;o)

It's no joke, as I would say that there is certainly some benefit to using another product (other than the one you produce) especially if you are hosting your product "on your product" so to speak.

This is not the first time vulnerabilities have been found in ProFTP. There have been several over the years. If you use ProFTP, my advice is to use vsftp instead.
