A critical security issues has been discovered in ProFTPd. This is the FTP server supplied with Plesk. Today Plesk has announce a patch for the issue: http://kb.parallels.com/en/9294 History on this issue can be found here: http://bugs.proftpd.org/show_bug.cgi?id=3521 There was considerable confusion about this issue and what versions of Plesk are impacted. As we understand it, Plesk <= 9.3 is not impacted. According to the ProFTPd bug reports: If you FTP into your server, the ProFTP version will be displayed: Connected to localhost.localdomain. 220 ProFTPD 1.3.1 Server (ProFTPD) [127.0.0.1] 500 AUTH not understood 500 AUTH not understood Code (markup): If your version is 1.3.2rc3 or later, then review the Plesk information about fixing the issue. There was another Plesk announcement yesterday, but some of the information at that time was incorrect: http://www.parallels.com/products/plesk/ProFTPD If you are unsure about your FTP, use Plesk's firewall module to block FTP and/or disable FTP at the command line: chkconfig ftp_psa off service xinetd restart Code (markup):