Article overview

Help article

Checking for and resolving the ProFTPD mod_copy vulnerability

A severe vulnerability has been found in ProFTPD, widely used FTP server software.The vulnerability is caused by the mod_copy module of ProFTPD.

This vulnerability allows an attacker to copy any file on a ProFTPD server without needing write permissions, or to execute random code remotely. The attacker requires a user account for this, or anonymous access to the ProFTPD server (anonymous access is insecure and we recommend against it).

At the time of writing, no patched version of ProFTPD is available yet. In this article, we explain how you can check for this vulnerability and secure your ProFTPD server.

  • TransIP's systems are not susceptible to this vulnerability.
  • By default, our DirectAdmin and cPanel installations use PureFTPD and not ProFTPD.
  • Plesk uses ProFTPD, but newer versions come without the vulnerable mod_copy module, see this article.

Check whether you are using ProFTPD and whether ProFTPD is vulnerable

There are several ways to check whether you are using ProFTPD and whether the mod_copy module is active. The easiest is with the following command (if you use a different port for FTP than 21, you should use that port number in the command):

.

$ echo -e "FEAT\nQUIT\n" | nc localhost 21 | grep COPY

If you use ProFTPD and the mod_copy module is active, you will see an output as in the screenshot below.

proftpd mod copy check

Do you not see "SITE COPY" in the output? Then your VPS is not vulnerable.


Securing your VPS

There are two ways at this time to secure your VPS against misuse of the mod_copy module:

  • Disabling the mod_copy module in ProFTPD
  • Using another FTP server or SFTP via OpenSSH.

We recommend using a different FTP program or OpenSSH instead of ProFTPD. ProFTPD is less actively maintained than other alternatives such as PureFTP and vsftpd.


Disabling mod_copy

 

Step 1

Open the ProFTPD configuration. You use one of the following commands depending on your operating system:

 

CentOS

sudo nano /etc/proftpd.conf

Ubuntu / Debian

sudo nano /etc/proftpd/modules.conf

 

Step 2

Place a # in front of the line in which the mod_copy module is loaded. The result is as follows:

# LoadModule mod_copy.c

Save the changes and close the file (ctrl + x > y > enter).


 

Step 3

Finally, restart ProFTPD to process the changes:

systemctl restart proftpd

For Plesk, use the command:

systemctl restart xinetd

Using another FTP program or SFTP via OpenSSH

Instead of modifying the ProFTPD configuration, you can also use another FTP program or SFTP via OpenSSH. You can use our manuals, which can be found on the following pages:

 

FTP via vsftpd

SFTP via OpenSSH

 

If you use one of these options, do not forget to remove or disable ProFTPD on your VPS as follows:

Disable ProFTPD:

sudo systemctl stop proftpd
sudo systemctl disable proftpd

Remove ProFTPD:

Ubuntu / Debian:

sudo apt -y remove proftpd-basic

CentOS:

sudo yum -y remove proftpd

 

You're now no longer vulnerable for ProFTPD's mod_copy vulnerability! Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.

If you want to discuss this article with other users, please leave a message under 'Comments'.

Has this article been helpful?

Create an account or log in to leave a rating.

Comments

Create an account or log in to be able to leave a comment.