Thread: If your running Plesk 9 as control panel read your server may get hacked through pro(ftpd)
View Single Post
Old 11-11-2010, 12:46 PM  
sinnerscorner
Confirmed User
 
Industry Role:
Join Date: Jul 2004
Posts: 194
Quote:
Originally Posted by Shoplifter View Post
Yes I have seen the same thing. This is not really about Plesk at all and I would immediately have your host fix this. It's only a matter of time before the script kiddies have something to really screw you up through this.

It is already there:

Un autre exploit pour la faille telnet IAC dans ProFTPD

Kingcope a mis en ligne, le 7 novembre 2010, un script Perl qui permet d'exploiter cette faille sur un nombre plus important de plateformes :

* FreeBSD 8.1 i386, ProFTPD 1.3.3a Server (binary)
* FreeBSD 8.0/7.3/7.2 i386, ProFTPD 1.3.2a/e/c Server (binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.3 Server (Plesk binary)
* Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian Linux Squeeze/sid, ProFTPD 1.3.3a Server (distro binary)
* SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)
* CentOS 5, ProFTPD 1.3.2e Server (Plesk binary
__________________
-- ok there is no sig here --
sinnerscorner is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote