[nsp-sec] proftpd security compromise - contact for 212.26.42.47/AS8895?
Nick Hilliard
nick at inex.ie
Thu Dec 2 18:04:52 EST 2010
For those who aren't aware of it, the main distribution site for ProFTPD
was compromised a couple of days ago, and the 1.3.3c source bundle was
replaced with a version which contained a back-door.
The official proftpd announcement about this was made in the following
forum posting on sourceforge (apologies for tinyurl, but the original url
is ridiculously long): http://tinyurl.com/29smqsx
Technical details here:
http://marc.info/?l=proftpd-users&m=129120928913037&w=2
The ProFTPD security people are interested in getting the C&C site on
212.26.42.47 shut down. This box is located in Saudi Arabia.
AS | IP | AS Name
8895 | 212.26.42.47 | ISU-RUH KACST/ISU Riyadh Autonomous System
Anyone with any information is requested to contact security at proftpd.org.
(Daniel Roesen from the ProFTPD project asked me to send this email, as he
hasn't been on nsp-sec for some years).
Nick
More information about the nsp-security
mailing list