Use Filezilla? You MUST read this...

by T2007
12 replies
Hi All,

A friend of mine sent me this after her sites got attacked by a hacker.
Just thought to share here for Warriors to protect their files and sites from hackers.

Beware: FileZilla Doesn’t Protect Your Passwords | Unmask Parasites. Blog.

Malware Steals Credentials

Best,
Tammy
  • Profile picture of the author Patrician
    Note these articles are 2 years old.

    I know there have been upgrades since then so if there was a breach hopefully they fixed it by now.

    I have used FZ for about 5 years or so and never been hacked.

    It is never a good idea to save sensitive passwords and I don't usually - however in this case I do (in FZ Site Manager) - so thanks for the warning.

    Just for general purposes I am going to delete them now.

    Thanks.
  • Profile picture of the author mojojuju
    This has been discussed at length on the Filezilla forums. If you research there you'll learn how to prevent any malware exploits involving the use of Filezilla.
    Signature

    :)

  • Profile picture of the author seasoned
    Originally Posted by T2007 View Post

    Hi All,

    A friend of mine sent me this after her sites got attacked by a hacker.
    Just thought to share here for Warriors to protect their files and sites from hackers.

    Beware: FileZilla Doesn't Protect Your Passwords | Unmask Parasites. Blog.

    Malware Steals Credentials

    Best,
    Tammy
    It is IMPOSSIBLE for FTP to protect your passwords!!!! Violate that, and it will FAIL! You CAN use SFTP which MUST protect your passwords! FTP is about the 3rd least safe protocol!

    #1 is EMAIL!
    #2 is TELNET!
    #3 is FTP!

    Steve
    • Profile picture of the author sammyjdouglas
      Originally Posted by seasoned View Post

      It is IMPOSSIBLE for FTP to protect your passwords!!!! Violate that, and it will FAIL! You CAN use SFTP which MUST protect your passwords! FTP is about the 3rd least safe protocol!

      #1 is EMAIL!
      #2 is TELNET!
      #3 is FTP!

      Steve
      What do you mean by email? How would you go about using email to protect?
      • Profile picture of the author seasoned
        Originally Posted by sammyjdouglas View Post

        What do you mean by email? How would you go about using email to protect?
        I actually recently got a job, and the idiots actually wanted me to send my SSN via email. I told them *********NO WAY*********! They had the AUDACITY to have ME, ****ME**** take a course on privacy. One item they covered? NEVER send private info, such as an SSN, via email! WHY? Because EACH hop STORES YOUR EMAIL IN PLAIN TEXT!

        Telnet sends ALL info, including passwords, as PLAIN TEXT! FTP sends ALL info, including passwords, as PLAIN TEXT.

        Steve
        • Profile picture of the author HeySal
          Originally Posted by seasoned View Post

          I actually recently got a job, and the idiots actually wanted me to send my SSN via email. I told them *********NO WAY*********! They had the AUDACITY to have ME, ****ME**** take a course on privacy. One item they covered? NEVER send private info, such as an SSN, via email! WHY? Because EACH hop STORES YOUR EMAIL IN PLAIN TEXT!

          Telnet sends ALL info, including passwords, as PLAIN TEXT! FTP sends ALL info, including passwords, as PLAIN TEXT.

          Steve
          Steve with all your tech knowledge and all your security knowledge -- why don't you have an ebook or report out? It would probably really help people to read what you know about computer security.
          Signature

          Sal
          When the Roads and Paths end, learn to guide yourself through the wilderness
          Beyond the Path

          • Profile picture of the author seasoned
            Originally Posted by HeySal View Post

            Steve with all your tech knowledge and all your security knowledge -- why don't you have an ebook or report out? It would probably really help people to read what you know about computer security.
            My problem is I keep thinking "NOT GOOD ENOUGH", "NOT COMPLETE", "CAN WAIT", etc....

            HECK I am writing a little book on out-sourcing. I don't want to bore you with anecdotes, etc... But I want to create some documents to make it clearer, and keep coming up with more. I recently added a bunch of small stories, about 1/5 a page each, that have cute titles, are funny, and illustrate points. The kernel of the document will probably always be less than 20 pages though. But I want to have extensible, reasonable, and usable documents. The kind that would save me like 99% of the time, if followed.

            This world is surreal! It is like the guy here that says he is an expert, wonders why he has such a hard time outsourcing, and says he draws pictures and lines to get the ideas across! MY problem is haggling, and dealing with people. I wonder how OTHERS do this, even if they can do what I can't, but can't do, or won't do, what I can. THEN I think about all the contracts that I am on, like the current one! And then I realize! OH YEAH.......... THEY DON'T! They throw money and time at a problem. By money, I mean hundreds of thousands or hundreds of MILLIONS! By time, I mean months, or decades!

            Steve
            • Profile picture of the author LeeLee
              Originally Posted by seasoned View Post

              My problem is I keep thinking "NOT GOOD ENOUGH", "NOT COMPLETE", "CAN WAIT", etc....

              Steve
              Do what the rest of the digital world does. Put out a beta version and then tweak it from there.

              I don't like this method but I am forced to accept it anyway so the little guy might as well take advantage of it too.

              Offer free upgrades.
              Signature
              The wisdom of life consists in the elimination of nonessentials. ~ Lin Yutang
  • Profile picture of the author mojojuju
    I can't think of a good reason to use FTP any more when there's SFTP and SCP. Still, if you're using a client for those protocols to store your passwords in plain text, then you fall susceptible to the same problems mentioned in the OP.

    The best thing to do is use SCP with public key authentication. It's more complicated to set up, but it offers more security and simplicity once it's set up.

    Windows users can download WinSCP :: Free SFTP and FTP client for Windows and use that as a pretty good SCP/SFTP/FTP client which if you choose to store your passwords in plain text, they can be protected by a master password (I suspect Filezilla has that functionality too).

    But if you're using passwords to authenticate on any protocol, you're going to have to have them stored as plain text. Or if they're not stored in plain text, they're going to have to be able to be decrypted by the client program when needed - and malware programs will likely be able to decrypt them too.

    Also, it's a good idea to keep a secure system so that malware and other variants of unauthorized access methods don't get there in the first place!

    The best way to go in my opinion is to ditch FTP and use SCP with public key authentication - and keep your computer SECURE! There's NOT SUPPOSED to be malware on your computer!
    Signature

    :)
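
An audit of the stored-password problem discussed in the post above, as an added example that is not part of the original thread and not FileZilla's own code: it lists which saved Site Manager entries hold a password that can be read back from the file and which still use plain FTP, without printing the secret. The XML layout (Server, Host, Protocol, Pass with an encoding attribute, Protocol 0 meaning plain FTP) is an assumption about FileZilla's sitemanager.xml, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for FileZilla's Site Manager file
# (sitemanager.xml); hosts, users and password values are made up.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>alice</User><Pass>hunter2</Pass><Name>old blog</Name>
    </Server>
    <Server>
      <Host>shop.example.com</Host><Port>22</Port><Protocol>1</Protocol>
      <User>alice</User><Pass encoding="base64">aHVudGVyMg==</Pass><Name>shop</Name>
    </Server>
    <Server>
      <Host>files.example.com</Host><Port>22</Port><Protocol>1</Protocol>
      <User>deploy</User><Keyfile>/home/alice/.ssh/id_ed25519</Keyfile><Name>key only</Name>
    </Server>
  </Servers>
</FileZilla3>"""

PLAINTEXT_PROTOCOLS = {"0": "FTP"}  # assumption: Protocol 0 = plain FTP, 1 = SFTP


def audit_sites(xml_text):
    """Return (site name, [findings]) per saved site; never returns the secret itself."""
    report = []
    for server in ET.fromstring(xml_text).iter("Server"):
        name = server.findtext("Name") or server.findtext("Host") or "?"
        findings = []
        pw = server.find("Pass")
        if pw is not None and (pw.text or "").strip():
            enc = pw.get("encoding", "none")
            if enc in ("none", "base64"):
                # base64 is an encoding, not encryption: any reader of the file can reverse it
                findings.append(f"stored password recoverable from file (encoding={enc})")
            else:
                findings.append(f"stored password present (encoding={enc})")
        proto = server.findtext("Protocol", default="").strip()
        if proto in PLAINTEXT_PROTOCOLS:
            findings.append("plain FTP: login is sent unencrypted")
        report.append((name, findings))
    return report


if __name__ == "__main__":
    for name, findings in audit_sites(SAMPLE):
        print(f"{name}: {'; '.join(findings) or 'ok'}")
```

Entries that come back with findings are the ones to switch to SFTP with a key file, or to a logon type that asks for the password each time.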

  • Profile picture of the author HeySal
    I use Notebook Zilla to keep all of my passwords........um..
    that's not a program - it's a notebook that sits by my computer that I tuck elsewhere when I leave the house. Has kept my passwords memorable and protected for 5 years now.
    Signature

    Sal
    When the Roads and Paths end, learn to guide yourself through the wilderness
    Beyond the Path

  • Profile picture of the author FreeMysteryGift
    Hi Folks,
    I need help with Filezilla.
    Any Filezilla experts or know where I can find one?
    I'm willing to pay for the help.
    I'm not Tech-Savvy.
    I've been using Filezilla for many months now with no issues.
    Yesterday, I could not connect to any of my Hosting Provider's servers anymore.
    It keeps going into Passive mode, then Timing Out.
    You can PM me.
    Would very much appreciate any help from anyone.
    Thanks!
    James
  • Profile picture of the author FreeMysteryGift
    O.K. Small Tweak. Problem solved.