Hi, I many time got hacked due to use ftp from malware infected computer, can any one know how to prevent from such attach in future. i am using Filezilla FTP Client to upload file to server, daily i am uploading or donloading from 10 to 12 different domain so practically it is not possible to change ftp password every time i use ftp, someone suggest me that use SFTP, FTPS, FTPES to prevent from this type of hacking attach? My Question is 1. What is the best solution to prevent ftp hacking attach 2. can anyone tell me SFTP, FTPS, FTPES is secure? event if malware in my computer, 3. what i have to do to use SFTP, FTPS, FTPES, i have VPS server and almost 200 domain are hosted Please dont reply if your answer is 1. Use ftp from Malware free computer 2. Change ftp password after finishing upload i know this trick but practically it is hard to implement
First of all, get rid of FileZilla. It stores all saved logins in a plain text file. Viruses look for this file and steal the FTP logins, send them to a server which then infects the website(s). I recommend WS_FTP by Ipswitch because it encrypts the password. The virus also works by sniffing the outgoing FTP traffic and since FTP transmits all data, including username and password in plain text, it's easy to steal it that way as well. Unfortunately, you will have to change the FTP password after you find the virus that is stealing the FTP passwords. The virus is good at evading detection so you may have to use something different. Many have had good success using one of the following: Avast, F-Prot or Kaspersky. Post back here if you have any further questions.
i suggest you to see for reference related with your topic. i hope..that can help you... here the url: http://superhacker.org regards, Noctis Warlock
no doesnt help a simple c++ stealer could steal your info leading to your site being hacked you could save username but always type the password.
FileZilla stores the SFTP username and password in plain text as well. So while the SFTP will prevent the "sniffing" of user credentials, it won't stop the virus from just reading them from the file. Look in this file: C:\Documents and Settings\(user)\Application Data\FileZilla\sitemanager.xml You'll see the username and password in there, for the most version of FileZilla.
I'm pretty sure FileZilla has a kiosk mode which makes it stop saving the passwords: Haven't tried it personally though, as I don't use FileZilla all that often. If that doesn't do the trick I'm assuming you could set up a script running on cronjob to remove the sitemanager.xml file.