hacked: probably through proftp


May 24, 2003
just wondering if anyone else has faced a hack of their system. i'm assuming it was done through the proftp vulnerability considering that a couple of rootkits were installed and the resulting files were part of the proftp user group.

most odd thing is that i had read the security notice and i had already switched to pure-ftp over a week before this happened. now i'm trying to figure out if somehow the proftpd was running although i had switched to pure-ftp and rebooted several times since then.

i'm running rh8.0 (i know, i know), with cpanel on the current release tree. everything's kept up to date.

now i have to move everything to a new server and reformat the other one.