netstat -tulpn | grep :21 ps aux | grep vsftpd
In July 2011, the official vsftpd (Very Secure FTP Daemon) project was compromised. Attackers replaced the legitimate source code of version 2.0.8 with a malicious version. This backdoored copy remained on the official download servers for several days before being discovered. vsftpd 208 exploit github fix
Use a firewall (like UFW or iptables) to restrict access to port 21 (FTP) so that only trusted IP addresses can connect. netstat -tulpn | grep :21 ps aux |
If you're stuck with an older version of vsftpd and can't upgrade, you can apply a patch to fix the vulnerability. A patch is available on GitHub: vsftpd 208 exploit github fix
vsftpd -v
clamscan /usr/sbin/vsftpd