proftpd
ProFTPD official site compromise distributes backdoored source
The main FTP server distributing the ProFTPD source code (`ftp.proftpd.org`) was compromised. Attackers replaced the legitimate source code tarball for ProFTPD version 1.3.3c with a modified version containing a backdoor. Compiling and running this version would allow attackers remote root access.
- Date
- 2010-11-28 to 2010-12-01
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Compromised Infrastructure
What Was Affected
Package
proftpd
LanguageC
ComponentApplication
Artifact typesource archive
Domain typeproject download host
Domain
ftp.proftpd.org
Repository
github.com/proftpd/proftpd
Compromised Versions
- 1.3.3c
Incident Context
- Motive
- Unauthorized Access/Control
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 3 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:565b57ceda4b00b80f896c5f44703291
External References
Source Data
Source record: oss/proftpd/meta.yaml