Maybe there are some additional ideas from the developers of ISPConfig. I have written my question here:
https://www.howtoforge.com/community/threads/security-hole-in-ftp-server-version-1-0-36.69684/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

