The reason is as follows:
Original URL: http://www.glftpd.com/newpage/
The package with glftpd 1.29 for Linux on glftpd.com was changed to include trojan code. The infected glftpd binary has md5sum 5294e2aff6dbc020d92a0f383f9f4079; the good one has 0e153dbb82e833f74d69be9872472a3a.
We don't know if some other binaries have been trojaned too, but it seems that only the Linux binary was changed.
Files on pftp.suxx.sk/glftpd-TLS are clean, so if you used the TLS binary you should have no problem.
The trojan creator could get a root shell on your infected machine.
The trojan does NOT notify the trojan creator, so he has to know your ip:port to get in.
The trojan works like this:
The infected glftpd binary is run by inetd. The trojan checks the connection, and if it matches a special pattern it waits for you to enter something; if you enter “glftpd” it runs a root shell (/bin/sh -i). If you enter something else, or your connection doesn't match the pattern, it unpacks the normal (non-infected) glftpd binary to “/tmp/.fileur6gLg” and runs it, so your FTP client doesn't notice anything…
How to check if you have this trojan:
Look for “/tmp/.fileur6gLg”; if it's there you could have been hacked.
Check the md5sum of your /glftpd/bin/glftpd file and compare it with the sums above.
Run “ps --forest”; if you see “_ .fileur6gLg” you have the trojaned binary…
etc.
What to do:
Well, there is a chance that if you have been running these binaries and the author knew your ip:port, you are hacked. He could have installed rootkits or backdoors, so the only way to remove it all is to do a clean reinstall!!!
P.S.: on pftp.suxx.sk/glftpd-TLS you can find clean 1.29 Linux non-TLS binaries.
pftp guru
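The three checks listed in the post above (md5sum of the binary, the dropped file in /tmp, the ".fileur6gLg" child process), put into one small script. This is an added example, not part of the pftp guru post or of glftpd itself: the two hashes, the path /tmp/.fileur6gLg and the binary path /glftpd/bin/glftpd are taken from the post, while the script layout and function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the pftp guru post or from glftpd): run the three
# checks the advisory lists against a glftpd 1.29 Linux install.

TROJAN_MD5="5294e2aff6dbc020d92a0f383f9f4079"   # infected binary, per the post
CLEAN_MD5="0e153dbb82e833f74d69be9872472a3a"    # clean binary, per the post
DROPPED_FILE="/tmp/.fileur6gLg"                 # where the trojan unpacks the clean copy

# classify_md5 HASH -> prints clean, trojaned or unknown
classify_md5() {
    case "$1" in
        "$CLEAN_MD5")  echo clean ;;
        "$TROJAN_MD5") echo trojaned ;;
        *)             echo unknown ;;
    esac
}

# md5_of FILE -> prints the hex md5 digest of FILE
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# check_binary PATH -> classifies the binary at PATH; prints missing if absent
check_binary() {
    if [ ! -f "$1" ]; then
        echo missing
        return 1
    fi
    classify_md5 "$(md5_of "$1")"
}

# dropped_file_present [PATH] -> exit 0 if the unpacked clean copy is on disk
dropped_file_present() {
    [ -e "${1:-$DROPPED_FILE}" ]
}

# trojan_child_running -> exit 0 if a process named .fileur6gLg is running,
# which is what "ps --forest" shows as "_ .fileur6gLg" under the inetd-spawned
# glftpd. The [.] in the pattern keeps grep from matching its own command line.
trojan_child_running() {
    ps -eo args= 2>/dev/null | grep -q '[.]fileur6gLg'
}

# main [PATH] -> prints one line per check; exit 1 if anything looks infected
main() {
    bin="${1:-/glftpd/bin/glftpd}"
    bad=0
    verdict="$(check_binary "$bin")"
    echo "binary $bin: $verdict"
    [ "$verdict" = trojaned ] && bad=1
    if dropped_file_present; then
        echo "$DROPPED_FILE exists: possibly hacked"
        bad=1
    fi
    if trojan_child_running; then
        echo ".fileur6gLg is running: trojaned binary in use"
        bad=1
    fi
    return "$bad"
}

# Runs only when given a path, e.g.: sh glftpd_check.sh /glftpd/bin/glftpd
if [ $# -gt 0 ]; then
    main "$@"
fi
```

An "unknown" verdict only means the binary is neither of the two hashes the post published (for example a rebuilt or differently packaged glftpd); it is not a clean bill of health, and per the post a machine that did run the trojaned binary should be reinstalled rather than cleaned.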
Upgrade method:
1. Overwrite with the new glftpd binary.
2. Find create_server_key.sh in the installation directory and run it:
/glftpd/create_server_key.sh FOOBAR
??? That FOOBAR seems to be a key… it should be fine to replace it with something else ???
This generates a certificate ending in .pem; just don't put it in the glftpd root directory.
3. Edit inetd.conf or xinetd.conf:
add the parameter -z cert=/path/file.pem after glftpd
to point to the certificate location.
4. Restart the xinetd service (or inetd).
5. Log in with FlashFXP, selecting SSL or TLS; ordinary clients can still log in as well.
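Steps 2 to 4 above as a script that checks the certificate location and prints the inetd.conf line or the xinetd stanza carrying -z cert=. This is an added example, not part of the original post or of glftpd's own documentation: the certificate path /etc/glftpd/server.pem, the install root /glftpd and the function names are assumptions for illustration, and only the -z cert= argument is emitted, so whatever other arguments your existing glftpd entry already has must be kept when you merge this in.

```shell
#!/bin/sh
# Added example (not from the original post or from glftpd): emit the
# inetd/xinetd configuration for glftpd with TLS after checking the cert.

GLFTPD_ROOT="${GLFTPD_ROOT:-/glftpd}"   # assumed install root

# Step 2 is done by hand, not here:  /glftpd/create_server_key.sh FOOBAR
# writes a .pem file; store it outside $GLFTPD_ROOT, as the post advises.

# cert_outside_root CERT ROOT -> exit 0 unless CERT lives under ROOT
cert_outside_root() {
    case "$1" in
        "$2"/*) return 1 ;;
        *)      return 0 ;;
    esac
}

# xinetd_stanza CERT -> prints an xinetd service block for glftpd (step 3)
xinetd_stanza() {
    cat <<EOF
service glftpd
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = $GLFTPD_ROOT/bin/glftpd
    server_args = -z cert=$1
}
EOF
}

# inetd_line CERT -> prints the equivalent inetd.conf line (step 3);
# the service name glftpd must be listed in /etc/services with the FTP port
inetd_line() {
    printf 'glftpd stream tcp nowait root %s/bin/glftpd glftpd -z cert=%s\n' \
        "$GLFTPD_ROOT" "$1"
}

# main CERT [inetd|xinetd] -> validates CERT, then prints the chosen config
main() {
    cert="$1"
    style="${2:-xinetd}"
    if [ ! -r "$cert" ]; then
        echo "certificate $cert not found or unreadable" >&2
        return 1
    fi
    if ! cert_outside_root "$cert" "$GLFTPD_ROOT"; then
        echo "certificate $cert is inside $GLFTPD_ROOT; move it outside" >&2
        return 1
    fi
    case "$style" in
        inetd)  inetd_line "$cert" ;;
        xinetd) xinetd_stanza "$cert" ;;
        *)      echo "unknown style $style" >&2; return 1 ;;
    esac
    # Step 4 (restarting xinetd or inetd) is left to your init scripts.
}

# e.g.: sh glftpd_tls_conf.sh /etc/glftpd/server.pem xinetd > /etc/xinetd.d/glftpd
if [ $# -gt 0 ]; then
    main "$@"
fi
```

The output is meant to be reviewed and merged into the existing entry, not blindly installed: the user, port and any other server arguments come from your current configuration, and the .pem file should stay readable only by root since it holds the server's private key.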