Comments on: Beware: FileZilla Doesn’t Protect Your Passwords

By: Denis

Denis — Wed, 25 Jan 2012 22:51:11 +0000

In my experience, passwords saved in FileZilla helped hack tens of thousand websites (probably even more)

Hackers don’t have to steal your desktop. It’s enough to run a trojan on your computer. One minute is enough to scan your computer for known places where programs store passwords and other sensitive information and send that information to hackers. http://blog.unmaskparasites.com/2009/09/23/10-ftp-clients-malware-steals-credentials-from/

By: Chris

Chris — Sat, 21 Jan 2012 05:00:55 +0000

Well this was a little disconcerting to read. I’m going to get Filezilla Portable – thanks Arthur!

By: Josh

Josh — Thu, 12 Jan 2012 16:11:06 +0000

I think this post would be more accurate if it were called, “Beware: 90% of the Programs You Use Don’t Protect Your Passwords”.

The intro to the post makes it sound like all these sites are getting hacked because of Filezilla, but most of the hackings have nothing to do with Filezilla. It usually happens because of outdated content management software running on remote servers.

Filezilla is a great program, and there is nothing wrong with what it does. The only danger with the XML file is if someone steals your laptop. That is why laptop hard drives should be encrypted…

By: USAA phishing emails « Diary of a computer geek

USAA phishing emails « Diary of a computer geek — Sat, 24 Dec 2011 01:59:06 +0000

[...] Beware: FileZilla Doesn’t Protect Your Passwords Share this:DiggFacebookRedditStumbleUponTwitterLike this:LikeBe the first to like this post. Categories: Anti-virus and Anti-malware Tags: Malwarebytes, phishing, spam, Trojan.Zbot.CBCGen, USAA Comments (5) Trackbacks (0) Leave a comment Trackback [...]

By: Krasi

Krasi — Sat, 19 Nov 2011 19:52:50 +0000

For one I know that HostGator offers SSH and SFTP on their shared hosting and I use it all the time to protect my logins from being sniffed over the network.

It would have been nice if you had extended the article and included some good FTP clients that do encrypt the password.

Thanks

By: FTP over SSL | TerraNetwork

FTP over SSL | TerraNetwork — Fri, 18 Nov 2011 16:58:55 +0000

[...] Hence, even if the connection is securely encrypted with FTP over SSL, the stored FTP logins is easily obtained should the machine become infected with [...]

By: yereverluvinunclebert

yereverluvinunclebert — Wed, 14 Sep 2011 11:07:49 +0000

I was trialling filezilla and configured 4 sites in the site manager. My PC was subsequently infected with a trojan (it happens) and all four sites were hacked and destroyed. All my other sites used WSFTP which has password encryption. None were hacked. Avoid using filezilla if you are using Windows in any form.

By: Dylan

Dylan — Mon, 05 Sep 2011 10:16:54 +0000

Similar thing happened to me. An infected computer sent out Filezilla’s plain text password file to a server where it was used to log in and infect all HTML and PHP files on my site.

Note, you are NOT SAFE WITH SFTP with Filezilla if you get Filezilla to hold the password as it will still be available in an unencrypted file!

The solution is to use sftp with NO password and to use a SSH key; then simply load your private key into a key manager such as pageant. You can automatically and securely log in without needing to type in a password.

By: Arthur

Arthur — Fri, 20 May 2011 20:54:25 +0000

Just use Filezilla Portable via portableapps.com it’s secure as it’s portable and doesnt save any data on PC

By: Dermott

Dermott — Sun, 06 Mar 2011 19:04:25 +0000

But honestly, if you’re going to blast your username/password pair in clear text across the NETWORK, who gives a flip if it’s stored in a file on your hard drive?

The problem isn’t FileZilla, it’s FTP.