Banshee wrote:
A little while ago when I was running wu-ftpd there were people from all
around the world connecting to my FTP (originally it was only meant for a
few people I know from a small IRC server.) So I changed the password
for the account and then they started to log in as root. That's when I
knew I had to remove wu-ftpd (well I wanted to remove it for a while but
since I was never hacked before that I didn't care about it being insecure).
I recently got rid of wu-ftpd and got proftpd instead. I was just
wondering if there is some sort of exploit with wu-ftpd that would let
them find the password for accounts or if it is maybe something else
they used to get my passwords. It was the newest version of wu-ftpd; I
have Debian unstable and I apt-get upgrade a lot.

Here is one root exploit:
http://www.debian.org/security/2000/20000623
And Debian security lists a number of other security problems with
various versions of wu-ftp.
You may want to subscribe to the debian-security-announce mailing list to
get security advisories.
--
Jerome