homepage Welcome to WebmasterWorld Guest from 54.167.174.90
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
how to encrypt passwords in FTP Client
mattpone

5+ Year Member



 
Msg#: 4170629 posted 12:12 pm on Jul 15, 2010 (gmt 0)

I've been using Core FTP and WinSCP but recently it looks as though my various FTP accounts have been hacked and I need to secure my passwords more carefully?

Is there an FTP Client that allows decent encryption to ensure this doesnt happen again?

 

hugh

5+ Year Member



 
Msg#: 4170629 posted 1:13 pm on Jul 15, 2010 (gmt 0)

I would have thought most modern clients support sftp but you'll need to disable your FTP server or daemon and use an sftp equivalent to get the benefit of it if you're using a unix or similar os. Anyway my preferred windows client is filezilla...

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4170629 posted 4:58 pm on Jul 15, 2010 (gmt 0)

it looks as though my various FTP accounts have been hacked and I need to secure my passwords more carefully?


Are you sure it's the clear text of FTP and not a malware virus on your computer?

I just went through this with a client, the previous developer contracted a virus (we think) and the way it works is it steals your PW for web sites, then modifies code silently, logs in, uploads to the site to spread itself. Those without adequate AVG visit the site, the malicious Javascript installs the malware.

In this case, doesn't matter **what** you use - when you make the FTP/SFTP connection, the malware will steal your login.

But to answer the question, SFTP does exactly this, encrypts the U and P prior to sending, then on receipt the server uses the public key to make a match against the encrypted data - it doesn't decrypt it, only matches on it, to authenticate. The problem is that many shared hosting environments and other hosts make it difficult if not impossible to properly set up secure FTP.

With normal FTP, when you connect and with every file you transfer, the user name and password are sent over the connection in clear text, and anyone who manages to sniff that data will have your login. If it's on multiple sites on different servers, it's unlikely you're a victim of this sort of attack **unless** it's your local connection that is being sniffed.

If you're using wireless, this likelihood increases quite a bit, look into methods of encrypting and securing your wireless connection. But first stop, make sure your AVG is up to date and your computer is clean.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4170629 posted 5:03 pm on Jul 15, 2010 (gmt 0)

it looks as though my various FTP accounts have been hacked


Was that your conclusion or do you have web host where you have shared accounts give you that boilerplate answer to a bunch of accounts on the same server being compromised?

Web hosts always claim it's an FTP account hacking, even when I've been able to prove when half the domains on their server are infected.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved