ProFTPD distribution servers compromised

#1 Thu, 12/02/2010 - 09:49
PaliGap


"It was announced that the source for ProFTPD was compromised and a back door was inserted. The attacker compromised the main ftp.proftpd.org site on November 28, 2010. This site is also the main rsync server, which means that anybody who has downloaded ProFTPD between then and December 1, 2010 is potentially running a version with the backdoor code. According to reports, this compromise was performed against an unpatched vulnerability within ProFTPD itself, so even if you did not install the backdoored version, you may be running vulnerable software."

http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00....

I'm interested in changing to VsFTPd. I see there is a module for it. I wonder... Does anyone have much experience using VsFTPd with Virtualmin? Is it a bit adventurous to do so? ;-)

Thu, 12/02/2010 - 10:03
andreychek

Heh, well that's a bummer :-)

Chances are, that wouldn't affect most people though... the distributions offering ProFTPd weren't updated during that time.

As far as vsFTPd goes -- I suspect it might just work for you if you don't attempt to set up an IP-based FTP Server, or enable any FTP Directory Restrictions.

I think both of those are tied to ProFTPd... but if you aren't using those, and vsFTPd doesn't mind using users from /etc/passwd, you'd probably be in good shape.

-Eric
