I use FileZilla for routine tasks and when my OS updated to 64bit I needed to start using their paid version. Like you I have been unable to use their forum but the week I signed up, someone who somehow got in had the same problem I was having and it got fixed. So once a year I pay for the subscription.

I used to use CuteFTP, but had problems at once stage, and it couldn't be fixed, so i moved to FileZilla, and I wish i'd ditched CuteFTP a long time back.

Pretty satisfied with Core FTP.

WS_FTP Limited Edition version 5 circa 1999

This was the free version and found to be better all round that later/paid versions. I do have the paid versions. But WS_FTP LE works in all cases and where many other FTP apps fail... tried them all.

Used WS_FTP LE for YEARS and really liked it. But started having issues when security levels increased so switched to Core FTP and no problems since ... and like it equally as much as WS_FTP LE... Core FTP is also "free"...

I use SCP or RSync from the command line. I haven't used an FTP GUI for at least 10 years, probably more.

Filezilla for me for most web-based tasks. But I also use Dolphin file browser's built-in FTP features for local network file management.

Mack.

Okey-dokey, I'm going to go ahead and get myself in trouble here. When I first saw this thread I immediately thought that letting the public know what FTP client you used could pose security risks.

Past editing tools, okay. But what you use now? I'm not so sure that is wise.

I look upon security as even tiny little bits of information being useful to somebody who is intent on harm and is clever. Yep, that could be labeled as paranoid, but I still remember some years ago somebody here asking me why I wasn't having trouble with SPAM in one of my oft used accounts and I was a bit perplexed about that myself and realized it is because I am paranoid about anything even remotely connected to safety. My first career was aviation and in aviation you better be paranoid about everything or you're going to get in trouble. Aircraft aren't cheap and your passenger's lives are priceless. Paranoid keeps everyone alive. Net security is exactly the same, but with consequences less severe. Well, hopefully less severe. These days software seems to be flying a lot more than humans. That is weird, too.

Secured FTP apps are pretty secure. :)

Some of them even have names. In general use.

However, paranoia is a GOOD THING! Pay attention to the dangers---and avoid them at all costs.

When I first saw this thread I immediately thought that letting the public know what FTP client you used could pose security risks.

I support this and advise clients to never disclose which apps/services they use on their websites.

But discussing FTP and RDC doesn't bother me because I am working on my own servers and always use IP restrictions. Otherwise I wouldn't allow FTP or RDC to run at all.

Going a tad off-topic, but staying on security; when I had to do that six-month stay in the hospital starting last year and my family got me my first Android toy I was so shocked how easy it is for Google to trick people. I view that in the same way as a security issue. And I have some people I communicate with regularly that know Google stuff at an expert level and do work for Google and even they tell me to watch out. I may be too paranoid, but that scares the heck out of me, too. My wife has one of those Apple thingies and not the kind that falls on peoples heads to learn about gravity. This Net world is getting very, very strange.

As for writing code and proofing what is written, that has gotten a lot easier than a bit back. Well, maybe more than a bit. I had a professor who helped write the code for the radar system they used on the Moon for that Apollo project. Big computer rooms in those days were very noisy. And cold. Come to think of it, that professor may not have had any help. He may have written it himself. Can't remember for sure, now.

The Internet is what it is and there is no end to its exploitation. If you are careful what you discuss and how you store information, there is nothing to worry about. It is not only Google and Facebook who has access to your communications, because you can be sure that your local secret service can be tapped in at any time and/or filtering data for keywords.

Just discussing telepathy and voices in one's head can result in strangers contacting you to see if you are ok. That happened to me once... I was in a discussion group many years ago and one of the contacts was sounding a little distressed so I tried to get to the bottom of his depression. Next thing that happens is a spook from my local telecom is phoning me to see if I am alright. Apparently the contact was online from a prison in USA and he was being monitored and someone from the prison was worried about my mental health and contacted my ISP in Australia.

Another vote for CoreFTP.

I have Version 2.2 / Build 1879 / LE Version

It crashes every so often, but, in the main, I've found it to be a pretty reliable workhorse for more than a decade and a half.

On Linux I just open sftp tab or pane in my file manager (Dolphin or Konqueror at the moment). Its not built in on Windows, but there are third party applications that can map remote sftp file systems to local so you can just use Windows Explorer.

Its a better way to do things, because it means every tool you have will work on remote filesystems - file manager, text editors, IDEs, etc.

I used to use CuteFTP, but had problems at once stage, and it couldn't be fixed, so i moved to FileZilla, and I wish i'd ditched CuteFTP a long time back.

there are third party applications that can map remote sftp file systems to local so you can just use Windows Explorer.

Both good options I'll try, I just fired up CuteFTP but it wouldn't connect to my Almalinux 9 server, probably a cipher mismatch, which means upgrading again. Site doesn't even recognize my license for an upgrade so I'm done with them. I like CuteFTP's Site Manager and built-in code editor for simple changes but on the whole it always feels rather outdated, not really worth paying for anymore.

FileZilla has no trouble connecting to the same server, it seems. No built-in code editor but will let me create file associations to other editors.

Mapping a remote SFTP server as a local drive sounds perfect, but also a little less secure somehow (in case of a computer compromise).

Huh. I've used Fetch forever, except a brief period when Fetch lagged behind on SFTP (host started requiring a secure connection, understandably, to download logs) and I had to use ... uh ... Well, it must have been a good while ago, because I no longer remember its name.

It's just never a good idea to publicly share this type of info...

Another Fetch devotee here. For decades.

It's just never a good idea to publicly share this type of info...

When talking about tools one uses, what do you call them?

If security and passwords are in place...

When talking about tools one uses, what do you call them?

That was just my gut reaction.

This thread is about what FTP program individual members use, see title. It's a nice resource for hackers to have when the next vulnerability comes along, right? It's not like the members don't have thousands of other posts where more information can be used to deduce the domain, too.

That's all I'm saying. If the thread was about all FTP programs and people shared what they like and dislike about each, it would actually be a tool discussion. Maybe next month we can have a "what host do you use" thread, too.

By all means, share what you want, my immediate concern was just that it's identifying software to the individual, and possibly much more if more information is in other threads by the member.

If security and passwords are in place...

If passwords were foolproof protection, there would be no hacks. Not revealing identifiable information in a public forum is just good practice, IMO. That's all I meant.

Well aware of the OP's intent, hence the participation!

Maybe next month we can have a "what host do you use" thread, too.

Likely not ... see the TOS for WW. :)

Most of us are, as Brett noted elsewhere recently, anonymous. Not that a determined bad actor could be rampaging all over WW looking for gleeful opportunities, but that bad actor would have to be extremely highly motivated---and extremely focused on the ones who post here on a regular basis who actually have something worth hacking.

I do not see why there is a security concern here at all.

1. This is client software. it would require an MITM attack or access to the server you are accessing to exploit.
2. Its a pretty good guess that webmasters are using SFTP and almost everyone uses the same underlying ssh library so this would only help exploit a vulnerability in higher layers of the GUI app being used.

Its a very small attack surface. Its FAR less of a risk than other information revealed in other forums:


It is also easy to find out server ssh version someone is using because the server announces it on the initial connection so the client can ensure compatibility. This is a far bigger concern but AFAIK has never caused a real world attack.

1. What desktop OS you use.
2. What server OS you use.
3. What webserver, language, libraries, framework, database, and other server side software you use.
4. Code snippets.
5. Database queries.
6. Concerns about specific security issues.

I do not see why there is a security concern here at all.

There's no real security concern, only a "gut reaction" and we're off track again. Of course, if you want to go looking for "risks" you'll find them everywhere.

The thread's been helpful to me, finally made the switch to a different client and checked out a few I didn't know.

Its a pretty good guess that webmasters are using SFTP

Ideally, yes. Unfortunately not all web hosts support it on their shared hosting platforms. A disgrace, really.

but that bad actor would have to be extremely highly motivated---and extremely focused on the ones who post here on a regular basis who actually have something worth hacking.

Or, when the next "FTP vulnerability" is announced, the (usually lazy) bad actor (script kiddie) can do a quick Google search and find a nice "what FTP do you use" thread and start trying to find member sites to exploit, depending on the vulnerability.

Google "what FTP do you use?", without quotes, and Google returns mostly cycling threads because those are more popular, have lower required levels of E.A.T. ... or whatever. Search results getting funky is probably protecting you anyway.

Note: The featured snippet for that search is interesting, too. The winner won the snippet by quoting another site and putting the domain URL of that other site, unlinked, right in the snippet-worthy paragraph. What is going on, G?

Back to publicly sharing the specific software we use on our sites. I use my host provided file access portal, right from their website, because it does not load content from 3rd parties in any request, not even analytics. .... or do I? :)

Just realised that I have the two paras above the list swapped around. "other information revelled in other forms" refers to the lsit above - and I mean subforums of WW.

Ideally, yes. Unfortunately not all web hosts support it on their shared hosting platforms. A disgrace, really.

Please tell me that means they are using FTPS instead! Or some other secure alternative?

They are not, are they?

Anyone using unencrypted FTP these days should expect sites to be compromised.

Who uses these hosts? I had thought that by now the overlap in a Venn diagram of "people who directly access a web host's server's file system" and "people who do not know they should not use FTP" would be tiny by now.

I am being an optimist again?

I have access to a fair number of shared hosting accounts where it goes like this:

Connected. Authenticating...
AUTH SSL
500 AUTH not understood

Ouch. Support for FTPS does seem to be increasing, but since there's nothing for FTP like HTTP's Strict-Transport-Security I fear many users are still connecting over regular FTP, not realizing it's insecure. In CuteFTP you have to explicitly choose one of the FTPS or SFTP options (i.e. know the difference).

That's another thing I like about FileZilla, it defaults to "Use explicit FTP over SSL if available".

That and the name, of course.

Many just want to use a thing to do a thing and if it works, it's all good.

Other issues, besides a secure connection, include not realizing when you mix UTF-8 and ISO. "Why are my files double-spaced after I upload them?" is typically how people notice "something" happened, if they notice.

If your host has an on-site FTP tool, and you can upload a file through their secure web portal, and they do not make calls to any 3rd party in the process, consider using it. You get customer service when it doesn't work properly, giving them incentive to make sure it does.

Anyone using unencrypted FTP these days should expect sites to be compromised.

Then again, look at how many http sites you still see every way you turn--and not all of them are sites that were last updated in 2017.