Every one can execute for example:
site change AnyGrp GROUPVSFILE ..\etc\admin.vfs

although in .ini its being disallowed:


[Change-Permissions]
groupvfsfile = M


Example logged in as normal user (no +M flag):

[code]
[R] (02:15:54) SITE CHANGE AnyGrp GROUPVFSFILE ..\etc\admin.vfs
[R] (02:15:55) 200 CHANGE Command successful.
[R] (02:16:15) CWD .


This is pretty bad :<

[02:58:12] [R] site user
[02:58:12] [R] 200-.--------------------------------[User Info]----------------------------------.
[02:58:12] [R] 200-| |
[02:58:12] [R] 200-| Login: Zazzle Group: Dolls |
[02:58:12] [R] 200-| Unfo : Im is cool! Flags: 3 |
...
[02:58:02] [R] site change test groupvfsfile ..\vfs\patate.vfs
[02:58:02] [R] 500 groupvfsfile: Permission denied.


You ini should have [Change_Permissions], not [Change-Permissions]
This is mentioned in the upgrade thread, and probably in other forum posts.
You upgraded your .exe, but didn't change your .ini accordingly... Thus the security breach on your FTP.

A good reason not to make extreme claims in thread titles.
You just got owned darko and EVERYONE will be reading this thread ;)
Hehe
Feel for ya fella

Originally posted by EwarWoo
A good reason not to make extreme claims in thread titles.
You just got owned darko and EVERYONE will be reading this thread ;)
Hehe
Feel for ya fella

hehe. not really.

It was an old bug i thought it didnt get fixed (http://www.ioftpd.com/board/showthread.php?s=&threadid=1000&highlight=GROUPVFSFILE)

It did obviously

sorry

thnx Mouton for pointing it out.