A Site was Hacked. Plesk have a patch, DA?

Thank you for the notice. It looks scary when I read this in the article at http://stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html

The latest version of ProFTPD (1.3.4a) is still subject to a vulnerability called the "Roaring Beast" ProFTPd root exploit. Currently there is NO patch available for ProFTPD, however a number of workarounds have been provided.
and
Some of my readers don’t run Plesk Panels but they still noticed FTP access and the first thought was stolen FileZilla passwords. If ProFTPD is installed and no workarounds have been applied against the "Roaring Beast" root exploit, then ProFTPD might be the cause here...

The big question, then, is whether the default ProFTPD installed by custombuild is vulnerable to the "Roaring Beast" ProFTPd root exploit or not?
 
@Suurbier I don't like to run beta software implementations on production servers:

Keep in mind that this is in beta, so there may be bugs.
 
Looking over the info, if you're using FreeBSD, and want to ensure you're not affected, the simplest is to use the "RootRevoke On" option in the <Global> section of the /etc/proftpd.conf file.
It would require that an ftp login is already known, so using the Brute Force Monitor, and having strong passwords will also lower the chances of being affected.
Note that this will disable active connections, but pasv connections will continue to work, which is the main connection method these days, since most everyone uses a router.

There are also other workarounds available but it doesn't look like anything has changed since December.
http://www.directadmin.com/forum/showthread.php?t=42120&p=214011#post214011

John
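
One way to confirm the workaround from the post above is in place, as an added example that is not part of the original thread or of DirectAdmin's tooling: it reports whether an active `RootRevoke On` line sits inside `<Global>`. The function names and sample configs are constructed here, and it assumes a single config file (Include files are not followed) and that directive names are matched case-insensitively.

```python
import re

# Constructed sample configs (not taken from any real server).
WEAK_CONF = """\
<Global>
  DefaultRoot ~
  # RootRevoke On
</Global>
"""
HARDENED_CONF = """\
<Global>
  DefaultRoot ~
  <IfModule mod_tls.c>
  </IfModule>
  RootRevoke On
</Global>
"""

def root_revoke_settings(conf_text):
    """Return [(section_path, value)] for each active RootRevoke directive.

    section_path is a tuple of enclosing <Section> names, outermost first;
    an empty tuple means the top-level server config.
    """
    stack, found = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented out
            continue
        if re.match(r"</\s*\w+\s*>", line):       # closing tag, e.g. </Global>
            if stack:
                stack.pop()
        elif (m := re.match(r"<\s*(\w+)[^>]*>", line)):  # opening tag
            stack.append(m.group(1))
        else:
            parts = line.split()
            if parts[0].lower() == "rootrevoke" and len(parts) > 1:
                found.append((tuple(stack), parts[1]))
    return found

def global_root_revoke_on(conf_text):
    """True only if RootRevoke is On somewhere inside a <Global> section."""
    return any(val.lower() == "on" and "global" in (s.lower() for s in path)
               for path, val in root_revoke_settings(conf_text))

if __name__ == "__main__":
    import sys
    # Path from the post; pass another path as the first argument if needed.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/proftpd.conf"
    with open(path) as fh:
        print("RootRevoke On in <Global>:", global_root_revoke_on(fh.read()))
```

A commented-out line or a `RootRevoke On` placed outside `<Global>` is reported as not set, which is the state to fix before relying on the workaround.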
 