If so, you might want to pay attention to this announcement of a critical remote vulnerability in the daemon. You can read the alert here. A patch is now available and should be applied quickly if you have core processes using this application.

No authentication is required and it is a pretty straight forward buffer overflow, so exploit code should be easy to design and use. Common framework exploits are expected shortly.

Usually ProFTPd is used as a part of core processing, data warehousing and other heavy data processing solutions across a variety of platforms and industries. You can find installations remotely using nmap -sV scans on your network. Nmap is pretty good at identifying ProFTPd installs.

HoneyPoint users might want to consider deploying port 21/tcp (ftp) listeners to watch for scans for vulnerable servers by attackers. Detected scanning IPs should be investigated on internal networks and black holed on Internet facing segments.