If your running Plesk 9 as control panel read your server may get hacked through pro(ftpd)
 

Ask your hosting company if they already patched the leak in psa-proftpd.
The exploit is out in the open and many server are already hacked.

Check http://forum.parallels.com/forumdisplay.php?f=552

I woke up today to this issue.. 35+ load averages with 30+ proftpd connections from one IP.. culprit was this proftpd vuln make sure your current versions are 1.3.3c and not anything older!

Yes I guess already many servers got rooted.... ,:(

any host care to reassure your customers this wont be a issue?

I have been using pure-ftpd for many years now ...

stop frikken using control panels to control a server for chrissakes!

they aren't that difficult to to control on the command line...

It is a big issue already many servers are (automagically) root hacked. :mad:
new botnet born?

For a hosting company command line is not an option. You want clients to configure settings themselves. Ar you really from Wageningen ??? Does Unitas (the student club) still exists?

I think the issue is more the proftpd version then the control panel

I only know (from experience...)| that plesk 9 is affected maybe other panels (directadmin / cpanel are vulnerable too.


more info.

1.3.3c - Released 29-Oct-2010
--------------------------------
- Bug 3521 - Telnet IAC processing stack overflow.


http://www.proftpd.org/docs/NEWS-1.3.3c

The VPS i had an issue with uses directadmin.. the IP that was connected with 30ish instances was running plesk tho

The control panel often complicates the issue and makes security updates more difficult.

http://forum.parallels.com/showpost....4&postcount=26

The advice to ditch control panels (where at all possible) is very sound. Either that or hire someone to administer the box.

I can't stand using plesk and direct admin
for me there's only one control panel and thats cPanel / WHM

anyone running directadmin needs to update their servers also this hack will bring down your server with connections.

Damn!
Thanks for the heads up.

mijn vriedin komt uit wageningen, volgens haar bestaat die club nog. Zal het eens aan haar pa vragen die woont er nog steeds.

proftpd is for amateurs.

be a man, run vsftpd.

i have my proftp turned off and just use sftp instead

Yes I have seen the same thing. This is not really about Plesk at all and I would immediately have your host fix this. It's only a matter of time before the script kiddies have something to really screw you up through this.

It is already there:

Un autre exploit pour la faille telnet IAC dans ProFTPD

Kingcope a mis en ligne, le 7 novembre 2010, un script Perl qui permet d'exploiter cette faille sur un nombre plus important de plateformes :

* FreeBSD 8.1 i386, ProFTPD 1.3.3a Server (binary)
* FreeBSD 8.0/7.3/7.2 i386, ProFTPD 1.3.2a/e/c Server (binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian GNU/Linux 5.0, ProFTPD 1.3.3 Server (Plesk binary)
* Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)
* Debian Linux Squeeze/sid, ProFTPD 1.3.3a Server (distro binary)
* SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)
* SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)
* CentOS 5, ProFTPD 1.3.2e Server (Plesk binary

Ok ja vraag maar. Ik ben benieuwd of ze dan nog steeds halverwege de Wageningse berg
zitten... H