
Monday, July 13, 2009

FTP vulnerability - has your site been broken into?

FTP is, to say the least, a very insecure protocol. Usernames and passwords are sent in plain text and can be sniffed anywhere along the route between your computer and the host's server where your files are stored. Outgoing traffic can also be sniffed by malware installed on your computer. Because passwords are sent in plain text, malware authors don't even need to look for the configuration file on your computer that contains your account credentials; they can simply sniff the outgoing traffic.
The solution (or at least a better one, to thwart malware authors and other wrongdoers trying to sniff FTP passwords)? Use SFTP (secure FTP)! You can enable SFTP by enabling SSH on your hosting, which usually requires authorization. However, the benefit will be well worth it if you have had a website hacked for seemingly no reason: a stolen FTP password is a likely candidate.
More on this in the original article on using SFTP to administer a website at Slashdot.
For an SFTP client, I suggest FireFTP. They recently added SFTP capability.
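
The plain-text login described above can be audited for on your own network. This added example (not part of the original post) scans client commands from FTP control connections and reports accounts whose password crossed the wire unencrypted, without ever recording the password. The session data is constructed, and treating an `AUTH` command as the start of encryption is an assumption about servers that support FTP over TLS.

```python
import re

# Constructed sample: client-to-server lines from FTP control connections
# (TCP port 21), keyed by a made-up session id. Not real traffic.
SAMPLE_SESSIONS = {
    "s1": ["USER webmaster", "PASS example-secret", "CWD /public_html",
           "STOR index.html", "QUIT"],
    "s2": ["AUTH TLS"],  # everything after this is encrypted, so not visible
    "s3": ["USER anonymous", "PASS guest@example.invalid", "RETR readme.txt"],
}

CMD = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")
ANONYMOUS = {"anonymous", "ftp"}          # anonymous logins carry no secret
WRITE_VERBS = {"STOR", "APPE", "DELE"}    # commands that change site content


def audit_session(lines):
    """Summarise one session: who logged in, was a password exposed, what changed."""
    finding = {"user": None, "cleartext_password": False, "changes": []}
    for line in lines:
        m = CMD.match(line.rstrip("\r\n"))
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2) or ""
        if verb == "AUTH":
            break  # assumption: TLS is negotiated, later commands are encrypted
        if verb == "USER":
            finding["user"] = arg
        elif verb == "PASS" and (finding["user"] or "").lower() not in ANONYMOUS:
            finding["cleartext_password"] = True  # flag only, never keep the value
        elif verb in WRITE_VERBS:
            finding["changes"].append(arg)
    return finding


def exposed_accounts(sessions):
    """Accounts whose password should be rotated and moved to SFTP."""
    findings = (audit_session(lines) for lines in sessions.values())
    return sorted({f["user"] or "<unknown>" for f in findings
                   if f["cleartext_password"]})


if __name__ == "__main__":
    for account in exposed_accounts(SAMPLE_SESSIONS):
        print(f"password for '{account}' was sent in plain text; rotate it")
```
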
