It has emerged that the main distribution center for the popular ProFTPD FTP (file transfer client) server project has been successfully broken into by unknown hackers. The attack took place over the weekend on Nov. 28, and was only discovered three days later on Dec 1. In a nutshell, the break-in allowed the attackers to replace the source files for ProFTPD 1.3.3c with a version that contained a backdoor.

And because the main site is also the rsync distribution server for mirror sites, anyone who has downloaded the software from official sources on the above-mentioned dates are likely to be affected. These users are hence encouraged to check their system for security compromises. According to Project Maintainer TJ Saunders, "The backdoor introduced by the attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon."

There is no mention of the number of downloads of the rigged software, and the ProFTPD team believes the compromise originates from a known vulnerability that was somehow left unpatched on the affected system. For now, administrators can also verify the integrity of their source files using the GPG signatures available on the ProFTPD homepage here.

For more on this story:
- check out this article at eWeek
- check out this article at The Register

Related Articles:
McAfee: Malware at all-time high 
Hack of Apache project server highlights two attack vectors 
New study says cybercrime costs enterprises $3.8 million a year 
Many home routers could be vulnerable to web hack