Slashdot Mirror


ProFTPD.org Compromised, Backdoor Distributed

Orome1 writes "A warning has been issued by the developers of ProFTPD, the popular FTP server software, about a compromise of the main distribution server of the software project that resulted in attackers exchanging the offered source files for ProFTPD 1.3.3c with a version containing a backdoor. It is thought that the attackers took advantage of an unpatched security flaw in the FTP daemon in order to gain access to the server."

3 of 152 comments

  1. Dumb comment. by Anonymous Coward · Score: 5, Informative

    And how, exactly, would the attackers sign the distribution files with the same private key the project uses?

  2. Re:FTP by Bill, Shooter of Bul · Score: 1, Informative

    Why not just use SSH/SCP for Windows (it already exists, not difficult to install)?

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  3. Re:FTP by a_nonamiss · Score: 3, Informative

    FTP isn't secure, but it's got a very low overhead compared to sftp or smb. Still a very efficient way to send very large files over a trusted, reliable LAN. On a gigabit LAN, I get a significantly higher transfer speed than when using smb.

    I'm not saying I'd put it in production over the Internet. It's crazy insecure and is a pain in the butt to set up on a firewall, but for fast, simple transfers on a LAN, it's the best protocol out there.

    --
    -Arthur
    Cave ne ante ullas catapultas ambules