Open-source ProFTPD hacked, backdoor planted in source code

Summary:The open-source ProFTPD project has been hacked by unknown attackers who planted a backdoor in the source code.

The open-source ProFTPD project has been hacked by unknown attackers who planted a backdoor in the source code.

As a result of the hack, the project's main FTP server, as well as all of the mirror servers, have carried compromised versions of the ProFTPD1.3.3c source code, from the November 28 2010 to December 2 2010.

ProFTPD, which positions itself as a secure FTP server for Linux and Unix based operating system, urged all users who run versions of ProFTPD which were downloaded and compiled in this time window to check their systems for security compromises and install unmodified versions of ProFTPD.

Here's the skinny on the attack:

follow Ryan Naraine on twitter

On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace the source files for ProFTPD 1.3.3c with a version which contained a backdoor.

The fact that the server acted as the main FTP site for the ProFTPD project (ftp.proftpd.org) as well as the rsync distribution server (rsync.proftpd.org) for all ProFTPD mirror servers means that anyone who downloaded ProFTPD 1.3.3c from one of the official mirrors from 2010-11-28 to 2010-12-02 will most likely be affected by the problem.

ProFTPD said the backdoor introduced by the attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon.

Topics: Security, Hardware, Open Source, Servers

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.