If you are using VSFTPD for FTP server, it is better to check your system for a backdoor vulnerability that emerged in the past years.
FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are different software offering FTP service and VSFTPD is only one of them.
In 2011, attackers managed to place a code snippet with a backdoor to vsFTPd 2.3.4 version source code.
If you installed vsFTPd 2.3.4 version with changed source code in 2011, you might be impacted by this vulnerability. People with malicious intent who exploit this vulnerability can access to user rights with the highest authorisation in the target system.
You can check vsFTP Backdoor vulnerability with our free and online vsFTP Backdoor Vulnerability Checker. tool To do this, you can start by typing your domain name in the form on top of the page and start scanning.
Or you can run nmap --script ftp-vsftpd-backdoor -p 21 Target_Host command on nmap tool which can be installed to all operating systems.
Also, you can use vsftpd_234_backdoor exploit module of “Metasploit Framework” to check the vulnerability.
Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:
telnet 172.19.0.100 21 Trying 172.19.0.100... Connected to 172.19.0.100. Escape character is '^]'. 220 (vsFTPd 2.3.4) USER invaliduser: ) 331 Please specify the password. PASS invalidpass ^] telnet> quit Connection closed.
When you deactivate the telnet connection and try to connect with 6200 port by using netcat or telnet command, you can see that operating system command runs with authorised user rights:
nc 172.19.0.100 6200 id uid=0 (root) gid=0 (root)
To eliminate this vulnerability, you need to update FTP software to the newest version. It is not possible to fix it from any settings.