Back door in ProFTPD FTP server
From http://www.h-online.com/security/new...r-1146592.html
Quote:
Unknown attackers penetrated the server hosting the open source ProFTPD FTP server project and concealed a back door in the source code. The back door provides the attackers with complete access to systems on which the modified version of the server has been installed.
On installation, the modified version informs the group behind the back door by contacting an IP address in the Saudi Arabia area. Entering the command 'HELP ACIDBITCHEZ' results in the modified server displaying a root shell.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|