이전에 포스팅한 ProFTPD 1.3.3c 공식홈페이지에서 백도어가 포함된 버전 배포 와 관련한
proftpd 공식 홈페이지의 분석내용입니다. 이하 원문입니다.
Update to the ProFTPD Compromise Report
By analyzing log files recovered from the compromised server, we can confirm that the primary FTP site was compromised earlier than originally announced.
In addition to the previously reported period from 2010-Nov-28 to 2010-Dec-02, ftp.proftpd.org and
the ProFTPD mirror
network distributed files with malicious content on 2010-Nov-16 between about 08:00 UTC
and 13:00 UTC.
In the weeks since, we've made several changes to restore and improve the security of our software
distribution sites. We've rebuilt the compromised server from scratch, and implemented automated
daily signature checks for current releases on ftp.proftpd.org and all official mirrors.
We'd like to thank everyone who offered and provided assistance, especially those who reported
suspicious files downloaded during the earlier time window.
관련 링크 : http://proftpd.org/