FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There is various software that offers FTP service. PROFTPD is one of this software and it has an interesting story.
In 2010, cyber attackers managed to place a backdoor code snippet to ProFTPD 1.3.3c version source code. Attackers logged in to all systems using this 1.3.3.c version with this backdoor and did unauthorised operations.
This vulnerability not only enabled attackers to access the files but also toaccess to user rights with the highest authorisation.
If you installed ProFTPD 1.3.3c version with changed source code in 2010, you might be impacted by this vulnerability. You don’t need to worry. You can easily check for free whether your server is impacted by this vulnerability from securityforeveryone.com.
You can check ProFTP Backdoor vulnerability with our free and online ProFTP Backdoor Vulnerability Checker tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.
Or you can run nmap --script ftpproftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.
Additionally, you can use proftpd_133c_backdoor exploit module of “Metasploit Framework” software on Linux or OS X operating system to check the vulnerability.
Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:
$ telnet 172.19.0.100 21 Trying 172.19.0.100... Connected to 172.19.0.100. Escape character is '^]'. 220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [172.19.0.100] HELP ACIDBITCHEZ id; uid=0(root) gid=0(root) groupes=65534(nogroup) ^]
To eliminate this vulnerability, you need to update FTP software to the newest version. It is not possible to fix it from any settings.