It is related to the new feature: http://www.directadmin.com/features.php?id=1771
In /usr/local/directadmin/scripts/ftp_upload.php
line 216: ${CURL} --config ${CFG} --ftp-ssl -k --silent --show-error --upload-file $ftp_local_file ftp://$ftp_ip:${PORT}$ftp_path$ftp_remote_file 2>&1
Curl --help: -k, --insecure Allow connections to SSL sites without certs (H)
So, you are allowing curl to connect to an FTP site with a problematic certificate?
Then what's the point of enabling FTPS?
With -k, attackers can use self-signed certs and do a MITM attack to get the backups.
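A check that could be run over backup scripts for the problem raised in this post, as an added example that is not part of the original post or DirectAdmin's code. It flags curl invocations that skip certificate verification (-k / --insecure) or use --ftp-ssl, which in curl only attempts TLS and can fall back to plain FTP, unlike --ssl-reqd. The function names, the finding labels, the sample lines and ${CA_FILE} are assumptions.

```shell
# Added example (not DirectAdmin code): audit curl command lines for options
# that weaken FTPS. Heuristic token match; it does not parse shell syntax.

# Print the weaknesses found in one command line, space separated.
#   no-cert-verify : -k / --insecure, any certificate is accepted
#   tls-optional   : --ftp-ssl / --ssl only try TLS and may fall back
check_curl_line() {
    findings=""
    set -f                      # no globbing while splitting into tokens
    for tok in $1; do
        case $tok in
            --insecure)      findings="$findings no-cert-verify" ;;
            --ftp-ssl|--ssl) findings="$findings tls-optional" ;;
            --*)             ;;  # other long options, e.g. --ssl-reqd
            -*k*)            findings="$findings no-cert-verify" ;;  # -k, -sk
        esac
    done
    set +f
    echo "${findings# }"
}

# Read a script on stdin and print "LINE: findings" for each curl invocation
# with a weakness. Matches "curl" and variables such as ${CURL}.
audit_curl_tls() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            *curl*|*CURL*) ;;
            *) continue ;;
        esac
        found=$(check_curl_line "$line")
        if [ -n "$found" ]; then
            echo "$n: $found"
        fi
    done
    return 0
}

# Constructed sample: line 1 is the invocation quoted in the post; line 2 is a
# stricter variant. ${CA_FILE} is a hypothetical variable naming a CA bundle.
sample_script() {
    cat <<'EOF'
${CURL} --config ${CFG} --ftp-ssl -k --silent --show-error --upload-file $ftp_local_file ftp://$ftp_ip:${PORT}$ftp_path$ftp_remote_file 2>&1
${CURL} --config ${CFG} --ssl-reqd --cacert ${CA_FILE} --silent --show-error --upload-file $ftp_local_file ftp://$ftp_ip:${PORT}$ftp_path$ftp_remote_file 2>&1
EOF
}
sample_script | audit_curl_tls
```

To audit a real file, feed it on stdin, for example `audit_curl_tls < /usr/local/directadmin/scripts/ftp_upload.php`.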