FTP VULNERABILITY ANNOUNCED IN PLESK

Resolved At November 13, 2010 14:53

We have identified a 0-day exploit in the version of ProFTPD installed by default on Plesk versions 9.5 and 10; this may also affect separate installations of ProFTPD outside of Plesk. You can determine the version of your Plesk installation from within the Plesk control panel.

The following URL contains further information: http://www.parallels.com/uk/products/plesk/ProFTPD

Due to the dangerous nature of this exploit, we have taken the preventive measure of adding a rule to drop all FTP traffic to every customer's firewall rule list. This will only affect you if you are behind one of our UltraFire firewalls. If you believe you are not affected by this exploit, or are not running ProFTPD, you may remove the rule through the firewall web interface. Should you be unsure, we recommend you raise a ticket via https://support.melbourne.co.uk and an engineer will be happy to investigate for you.

We will be performing a full scan of FTP servers running on our network, and will be contacting individually all customers who are running the vulnerable versions of ProFTPD. We will leave the preventive firewall rule in place until we are satisfied that the network is clear of vulnerable FTP versions.

Please be aware that until you move or remove this FTP drop rule, you will be unable to add/amend/remove any other rules.

Latest Update

Updated at November 13, 2010 14:53 by Melbourne Support

Further to Rob's email last night, we have been able to identify the machines on our network running the affected version of ProFTPD.

For customers who were found not to have affected machines, we have now removed the temporary "block all FTP" rule which we put in place yesterday evening. You won't receive any further correspondence from us.

If you appear to be running an affected version, the rule will have been left in place, and we'll contact you separately. Customers with server management are being patched by our staff today.

We apologise for any inconvenience caused by the short notice of this, but I hope you'll agree that it was the most sensible approach, given how serious the potential consequences of unpatched machines being left exposed could have been.

As ever, if you have any questions or feedback, please get in touch.