FTP Security Question

5 replies
I read a posting on this forum where someone stated that their website was hacked due to using an FTP such as FileZilla to upload files to their host server. Can anyone explain how this happens and what security measures we can take to prevent it? I am setting up a WordPress CMS and would definitely appreciate any information on how I can make it more secure. Thanks!
#ftp #question #security
  • Profile picture of the author Will P
    IMO FileZilla is safe, as is all the rest of the FTP software out there. My guess is that your friend left a doorway open, such as leaving a directory vulnerable via the wrong permission settings such as 777 (read-write-execute).
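The 777 permission setting mentioned in Will P's reply above can be checked for on a site's own files. The following Python script is an added example, not part of the original thread: it walks a directory tree, reports every entry whose world-writable bit is set (777, 666 and similar), and can optionally clear that bit. The function names and the sample tree, a constructed stand-in for a WordPress install, are assumptions.

```python
import os
import stat
import tempfile


def find_world_writable(root, fix=False):
    """Return sorted [(relative_path, octal_mode)] for entries below root
    that any account on the host may write to (the 'other' write bit)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((os.path.relpath(path, root), format(mode, "03o")))
                if fix:
                    # Clear only the world-writable bit: 777 -> 775, 666 -> 664
                    os.chmod(path, mode & ~stat.S_IWOTH)
    return sorted(findings)


def build_sample_site():
    """Create a constructed sample tree with two deliberately loose entries."""
    root = tempfile.mkdtemp(prefix="wp_sample_")
    content = os.path.join(root, "wp-content")
    uploads = os.path.join(content, "uploads")
    os.makedirs(uploads)
    os.chmod(content, 0o755)
    os.chmod(uploads, 0o777)          # the setting described in the reply
    for name, mode in (("wp-config.php", 0o666), ("index.php", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as handle:
            handle.write("<?php // constructed sample file\n")
        os.chmod(path, mode)          # set explicitly so umask does not matter
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for rel_path, mode in find_world_writable(site):
        print(f"world-writable: {rel_path} (mode {mode})")
```

Point `find_world_writable` at a local copy or a mounted site directory; pass `fix=True` only after reviewing the report.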
  • Profile picture of the author Abledragon
    Using FTP is less secure than using SFTP because your FTP login details are transmitted in clear across the Internet. So anyone can eavesdrop on your connection, pick up your login details and get access to your site that way.

    For better security you should use SFTP (Secure File Transfer Protocol), where your login details are encrypted, and FileZilla supports that right out of the box.

    Note, though, that not all hosting providers support SFTP. The first one I used did not support it so I moved to Hostgator.

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    • Profile picture of the author ronwestmba
      Originally Posted by Abledragon View Post

      Using FTP is less secure than using SFTP because your FTP login details are transmitted in clear across the Internet. So anyone can eavesdrop on your connection, pick up your login details and get access to your site that way.

      For better security you should use SFTP (Secure File Transfer Protocol), where your login details are encrypted, and FileZilla supports that right out of the box.

      Note, though, that not all hosting providers support SFTP. The first one I used did not support it so I moved to Hostgator.

      Cheers,

      Martin.
      I just spoke with BlueHost and they do provide SFTP. All I have to do is send in a copy of my government-issued ID (driver's license, etc.). Thanks for the feedback!
  • Profile picture of the author mystline
    Some viruses also target saved FTP details that some less secure programs store in the registry/unsecured text files.

    As Abledragon said, SFTP is more secure and if you're using regular FTP anyone with packet sniffing software could potentially pick up your details.

    My advice is to always type in your password manually. I even go as far as not saving site details in any of my FTP programs (although sometimes it's a pain when you forget IPs!)

    Hope this helps.
    • Profile picture of the author ronwestmba
      Originally Posted by mystline View Post

      Some viruses also target saved FTP details that some less secure programs store in the registry/unsecured text files.

      As Abledragon said, SFTP is more secure and if you're using regular FTP anyone with packet sniffing software could potentially pick up your details.

      My advice is to always type in your password manually. I even go as far as not saving site details in any of my FTP programs (although sometimes it's a pain when you forget IPs!)

      Hope this helps.
      I just tried to delete my login information in FileZilla but it keeps coming back. How do you delete yours so you can enter manually? Thanks for the info!