If your running Plesk 9 as control panel read your server may get hacked through pro(ftpd) - GoFuckYourself.com

sinnerscorner · 11-10-2010, 02:56 PM

Ask your hosting company if they already patched the leak in psa-proftpd.
The exploit is out in the open and many server are already hacked.

Check http://forum.parallels.com/forumdisplay.php?f=552

comeplay · 11-10-2010, 04:37 PM

I woke up today to this issue.. 35+ load averages with 30+ proftpd connections from one IP.. culprit was this proftpd vuln make sure your current versions are 1.3.3c and not anything older!

sinnerscorner · 11-10-2010, 04:46 PM

Yes I guess already many servers got rooted.... ,

tonyparra · 11-10-2010, 04:59 PM

any host care to reassure your customers this wont be a issue?

Barry-xlovecam · 11-10-2010, 05:02 PM

I have been using pure-ftpd for many years now ...

borked · 11-10-2010, 05:03 PM

stop frikken using control panels to control a server for chrissakes!

they aren't that difficult to to control on the command line...

sinnerscorner · 11-10-2010, 05:07 PM

Quote:

Originally Posted by tonyparra

any host care to reassure your customers this wont be a issue?

It is a big issue already many servers are (automagically) root hacked.

new botnet born?

sinnerscorner · 11-10-2010, 05:15 PM

Quote:

Originally Posted by borked

stop frikken using control panels to control a server for chrissakes!

they aren't that difficult to to control on the command line...

For a hosting company command line is not an option. You want clients to configure settings themselves. Ar you really from Wageningen ??? Does Unitas (the student club) still exists?

comeplay · 11-10-2010, 05:18 PM

Quote:

Originally Posted by borked

stop frikken using control panels to control a server for chrissakes!

they aren't that difficult to to control on the command line...

I think the issue is more the proftpd version then the control panel

sinnerscorner · 11-10-2010, 05:31 PM

Quote:

Originally Posted by comeplay

I think the issue is more the proftpd version then the control panel

I only know (from experience...)| that plesk 9 is affected maybe other panels (directadmin / cpanel are vulnerable too.

more info.

1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3521 - Telnet IAC processing stack overflow.

http://www.proftpd.org/docs/NEWS-1.3.3c

comeplay · 11-10-2010, 05:47 PM

Quote:

Originally Posted by sinnerscorner

I only know (from experience...)| that plesk 9 is affected maybe other panels (directadmin / cpanel are vulnerable too.

The VPS i had an issue with uses directadmin.. the IP that was connected with 30ish instances was running plesk tho

signupdamnit · 11-10-2010, 05:51 PM

Quote:

Originally Posted by comeplay

I think the issue is more the proftpd version then the control panel

The control panel often complicates the issue and makes security updates more difficult.

http://forum.parallels.com/showpost....4&postcount=26

The advice to ditch control panels (where at all possible) is very sound. Either that or hire someone to administer the box.

HomerSimpson · 11-10-2010, 06:04 PM

I can't stand using plesk and direct admin
for me there's only one control panel and thats cPanel / WHM

sandman! · 11-10-2010, 08:04 PM

anyone running directadmin needs to update their servers also this hack will bring down your server with connections.

izzynew · 11-10-2010, 10:14 PM

Damn!
Thanks for the heads up.

boneless · 11-11-2010, 12:31 AM

Quote:

Originally Posted by sinnerscorner

For a hosting company command line is not an option. You want clients to configure settings themselves. Ar you really from Wageningen ??? Does Unitas (the student club) still exists?

mijn vriedin komt uit wageningen, volgens haar bestaat die club nog. Zal het eens aan haar pa vragen die woont er nog steeds.

tom3k · 11-11-2010, 03:56 AM

proftpd is for amateurs.

be a man, run vsftpd.

roly · 11-11-2010, 04:28 AM

i have my proftp turned off and just use sftp instead

Shoplifter · 11-11-2010, 12:20 PM

Quote:

Originally Posted by comeplay

I woke up today to this issue.. 35+ load averages with 30+ proftpd connections from one IP.. culprit was this proftpd vuln make sure your current versions are 1.3.3c and not anything older!

Yes I have seen the same thing. This is not really about Plesk at all and I would immediately have your host fix this. It's only a matter of time before the script kiddies have something to really screw you up through this.

sinnerscorner · 11-11-2010, 12:46 PM

Quote:

Originally Posted by Shoplifter

Yes I have seen the same thing. This is not really about Plesk at all and I would immediately have your host fix this. It's only a matter of time before the script kiddies have something to really screw you up through this.

It is already there:

Un autre exploit pour la faille telnet IAC dans ProFTPD

Kingcope a mis en ligne, le 7 novembre 2010, un script Perl qui permet d'exploiter cette faille sur un nombre plus important de plateformes :

* FreeBSD 8.1 i386, ProFTPD 1.3.3a Server (binary)
* FreeBSD 8.0/7.3/7.2 i386, ProFTPD 1.3.2a/e/c Server (binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.3 Server (Plesk binary)
* Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian Linux Squeeze/sid, ProFTPD 1.3.3a Server (distro binary)
* SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)
* CentOS 5, ProFTPD 1.3.2e Server (Plesk binary

sinnerscorner · 11-11-2010, 12:47 PM

Quote:

Originally Posted by boneless

mijn vriedin komt uit wageningen, volgens haar bestaat die club nog. Zal het eens aan haar pa vragen die woont er nog steeds.

Ok ja vraag maar. Ik ben benieuwd of ze dan nog steeds halverwege de Wageningse berg
zitten... H

11-10-2010, 02:56 PM	#1
sinnerscorner Confirmed User Industry Role: Join Date: Jul 2004 Posts: 194	If your running Plesk 9 as control panel read your server may get hacked through pro(ftpd) Ask your hosting company if they already patched the leak in psa-proftpd. The exploit is out in the open and many server are already hacked. Check http://forum.parallels.com/forumdisplay.php?f=552 __________________ -- ok there is no sig here --

11-10-2010, 04:37 PM	#2
comeplay Confirmed User Join Date: Nov 2004 Location: Greater Washington DC Posts: 1,435	I woke up today to this issue.. 35+ load averages with 30+ proftpd connections from one IP.. culprit was this proftpd vuln make sure your current versions are 1.3.3c and not anything older! __________________ Top virtual hosts for under 10$? www.hostmylife.com \| icq 50663030

11-10-2010, 04:46 PM	#3
sinnerscorner Confirmed User Industry Role: Join Date: Jul 2004 Posts: 194	Yes I guess already many servers got rooted.... , __________________ -- ok there is no sig here --

11-10-2010, 04:59 PM	#4
tonyparra Confirmed User Industry Role: Join Date: Jul 2008 Location: In your back seat with duck tape Posts: 4,568	any host care to reassure your customers this wont be a issue? __________________ High Performance Vps $10 Linode Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot

11-10-2010, 05:03 PM	#6
borked Totally Borked Industry Role: Join Date: Feb 2005 Posts: 6,284	stop frikken using control panels to control a server for chrissakes! they aren't that difficult to to control on the command line... __________________ For coding work - hit me up on andy // borkedcoder // com (consider figuring out the email as test #1) All models are wrong, but some are useful. George E.P. Box. p202

11-10-2010, 05:02 PM	#5
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	I have been using pure-ftpd for many years now ...

11-10-2010, 06:04 PM	#13
HomerSimpson Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Springfield Posts: 13,826	I can't stand using plesk and direct admin for me there's only one control panel and thats cPanel / WHM __________________ Make a bank with Chaturbate - the best selling webcam program Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 \| Email:

11-10-2010, 08:04 PM	#14
sandman! Icq: 14420613 Industry Role: Join Date: Mar 2001 Location: chicago Posts: 15,432	anyone running directadmin needs to update their servers also this hack will bring down your server with connections. __________________ Need WebHosting ? Email me for some great deals [email protected]

11-10-2010, 10:14 PM	#15
izzynew Confirmed User Industry Role: Join Date: May 2009 Posts: 174	Damn! Thanks for the heads up.

11-11-2010, 03:56 AM	#17
tom3k Confirmed User Industry Role: Join Date: Nov 2007 Posts: 105	proftpd is for amateurs. be a man, run vsftpd.

11-11-2010, 04:28 AM	#18
roly Confirmed User Join Date: Aug 2002 Posts: 1,844	i have my proftp turned off and just use sftp instead