[SOLVED] ProFTPD Main File Server Hacked, Possible Backdoor Inserted
One of the most popular open-source projects was compromised between Nov. 28 and Dec. 2.
ProFTPD, a file transfer protocol (FTP) server, had its main file server hacked and a version that contained a backdoor trojan was uploaded. Anyone who downloaded version 1.3.3c of the software in that timeframe is vulnerable.
The trojan allows full access to the system by attackers. The ProFTPD project team advised anyone who may be vulnerable to check for compromises and immediately update to a non-compromised version that is available on the website. The team also provided a link that can check the security signatures on their site here.
Analysts have speculated that an unpatched vulnerability in the FTP server daemon running on the ProFTPD site allowed the hackers access to the server. From there it was easy for them to simply replace the legitimate source code with the new version containing the backdoor. The breach was discovered on Dec. 1, and fixed, but due to time lags in servers mirroring the master download site, the warning was issued for anyone downloading the software between Nov. 28 and Dec. 2.
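The check the post points to, sketched as an added example (not code from the post or from the ProFTPD project): compare a downloaded archive against a digest manifest before building it. The file name `proftpd-1.3.3c.tar.gz`, the `SHA256SUMS` manifest and the file contents are constructed stand-ins, and the check assumes the manifest came from a channel independent of the mirror that served the archive, since a digest stored beside a replaced archive can be replaced with it.

```shell
#!/bin/sh
# Added example: verify a downloaded archive against a separately obtained
# SHA-256 manifest. Names and contents below are constructed for illustration.

# verify_download FILE MANIFEST
# Returns 0 = digest matches, 1 = mismatch, 2 = missing input, 3 = not listed.
verify_download() {
    file=$1
    manifest=$2
    if [ ! -f "$file" ] || [ ! -f "$manifest" ]; then
        echo "verify_download: missing file or manifest" >&2
        return 2
    fi
    name=$(basename "$file")
    # Manifest is in sha256sum format: "<hex digest>  <name>" ('*' marks binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$manifest")
    if [ -z "$expected" ]; then
        # An unlisted file is unverified, not "probably fine".
        echo "$name: not listed in manifest, treat as unverified" >&2
        return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: digest mismatch, do not build or install" >&2
        return 1
    fi
    echo "$name: OK"
}

# Constructed demo: a stand-in file plays the release archive, then is altered
# the way a replaced upload would differ from the genuine one.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'genuine release contents\n' > "$dir/proftpd-1.3.3c.tar.gz"
    (cd "$dir" && sha256sum proftpd-1.3.3c.tar.gz > SHA256SUMS)
    clean=0; verify_download "$dir/proftpd-1.3.3c.tar.gz" "$dir/SHA256SUMS" || clean=$?
    printf 'extra code\n' >> "$dir/proftpd-1.3.3c.tar.gz"
    bad=0; verify_download "$dir/proftpd-1.3.3c.tar.gz" "$dir/SHA256SUMS" 2>/dev/null || bad=$?
    rm -rf "$dir"
    echo "clean=$clean tampered=$bad"
    [ "$clean" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo
```

A detached GPG signature checked against a project key you already trusted before the incident is the stronger form of the same check, because the attacker who replaces the archive cannot forge it.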