|how to encrypt passwords in FTP Client|
| 12:12 pm on Jul 15, 2010 (gmt 0)|
I've been using Core FTP and WinSCP but recently it looks as though my various FTP accounts have been hacked and I need to secure my passwords more carefully?
Is there an FTP Client that allows decent encryption to ensure this doesnt happen again?
| 1:13 pm on Jul 15, 2010 (gmt 0)|
I would have thought most modern clients support sftp but you'll need to disable your FTP server or daemon and use an sftp equivalent to get the benefit of it if you're using a unix or similar os. Anyway my preferred windows client is filezilla...
| 4:58 pm on Jul 15, 2010 (gmt 0)|
|it looks as though my various FTP accounts have been hacked and I need to secure my passwords more carefully? |
Are you sure it's the clear text of FTP and not a malware virus on your computer?
In this case, doesn't matter **what** you use - when you make the FTP/SFTP connection, the malware will steal your login.
But to answer the question, SFTP does exactly this, encrypts the U and P prior to sending, then on receipt the server uses the public key to make a match against the encrypted data - it doesn't decrypt it, only matches on it, to authenticate. The problem is that many shared hosting environments and other hosts make it difficult if not impossible to properly set up secure FTP.
With normal FTP, when you connect and with every file you transfer, the user name and password are sent over the connection in clear text, and anyone who manages to sniff that data will have your login. If it's on multiple sites on different servers, it's unlikely you're a victim of this sort of attack **unless** it's your local connection that is being sniffed.
If you're using wireless, this likelihood increases quite a bit, look into methods of encrypting and securing your wireless connection. But first stop, make sure your AVG is up to date and your computer is clean.
| 5:03 pm on Jul 15, 2010 (gmt 0)|
|it looks as though my various FTP accounts have been hacked |
Was that your conclusion or do you have web host where you have shared accounts give you that boilerplate answer to a bunch of accounts on the same server being compromised?
Web hosts always claim it's an FTP account hacking, even when I've been able to prove when half the domains on their server are infected.