On December 1, 2011 the ProFTPD Project team announced that the Project’s main FTP server, as well as mirror servers, were compromised. The ProFTPD 1.3.3c source code was modified to include a backdoor.
The cPanel & WHM Development team obtained the ProFTPD 1.3.3c sources prior to the compromise. Additionally, the Development team has verified that the binary version distributed to cPanel & WHM servers is not affected by this issue. Currently, all product update tiers are set for ProFTPD 1.3.3c.
ProFTPD Compromise Announcement
ProFTPD Project Site