Comments on: FileZilla Alert – Hacker Threat Through Trojan Virus

By: Doogie

Doogie — Fri, 03 Sep 2010 14:08:03 +0000

Just keep in mind that the problem with your server being hacked may or may not have been related to FileZilla. Servers with many hosting companies are hacked simply due to weak security. Many site owners also use weak passwords that are easily cracked.

Also, the Trojan virus needs to infect your PC before your passwords will be compromised. In other words, there are issues other than FileZilla that can lead to this problem. I’m not defending FileZilla, but I am trying to put the problem into perspective.

By: Anonymous

Anonymous — Fri, 03 Sep 2010 04:58:02 +0000

What I’d like to know is: If FileZilla stores the usernames and passwords in a folder in AppData, then it still needs ANOTHER application for it to go in and (1.) Find the passwords and (2.) use them to modify the files on my server and then implement malicious malware, like it did.

And all this happens within the first few weeks that I use filezilla. Wouldn’t it take a little longer for some random application or website to be specifically looking filezilla usernames at that exact file location OTHER than filezilla itself?

Anyone see what I’m getting at?

It’s very suspicious that all these testimonials claim this happened within just the first few weeks of using filezilla.

By: mrveenie

mrveenie — Wed, 21 Jul 2010 17:18:00 +0000

Well i think this is very very stupid.. This design fault in filezilla is quite major… Most of the FTP programs has encrypted password files.

Some kind of trojan can get trough the best security… You have a save in your home also for the money and stuff dont you???

Why is this program just giving my password as a stupid plain text file?? its the same as layin down your bankcard including the pin code…

i think its very stupid!. My security on the laptop is strong enough AVG runs every week, and a couple of malware busters also. and still i got busted by this virus..

i couldnt find out why my sites got busted all the time so i started looking in the laptop.. and yes i found one small trojan that came with a cookie… the firewalls! (3 in total) didnt recognized it…

By: Kevin M

Kevin M — Mon, 21 Jun 2010 00:32:54 +0000

I get a charge out of reading this hogwash! For anyone concerned about security to blame one program for storing your information in a plain file and is the cause of a breach is a load of crap! The operating system stores these files all over the computer.

So instead of blaming a program for its lack of security. Blame the PC owner for their lack of security on their end! You want to set here an create an article on a free tool and blame them because you cannot keep your own system secure. It is a sign of your total lack of knowledge of how a computer works!

By: Lynn

Lynn — Thu, 03 Jun 2010 15:21:49 +0000

I have to agree with Steve here, although I’m not one to call anyone lazy because I know how lazy I am. Still, FileZilla is a free program and for all that, it’s great. But sometimes you do get what you pay for, and if you want a more secure program, you need to find other options. Frankly, my computer is what I worry about and if FileZilla is not storing my passwords in encrypted files, then I feel it’s my own responsibility to make sure my computer is as secure and safe as it can be. That’s the real issue here, as many other commenters have said before me.

By: Steve

Steve — Fri, 07 May 2010 19:59:41 +0000

This is really a not a security issue. Quit being lazy and don’t save your passwords in your server settings. Erase private data after using Filezilla. Don’t blame the application.

By: Dooley

Dooley — Mon, 15 Mar 2010 17:54:04 +0000

Antivirus 2009 hit me over the weekend after I visited another designers site here in town. Ofcourse, I’ve been using FileZilla, but while I had some passwords in there, most of them are in my head.
Change passwords, Find/Replace, ugh… what a waste of ten hours. They’re still not all clean either.
I can’t believe this ftp client is storing my info in plain text. And I thought browsers were bad (want me to remember your password for you? I promise I won’t tell… too many…)
Thanks for the article!

By: Jan van Niekerk

Jan van Niekerk — Thu, 14 Jan 2010 08:15:57 +0000

I really really enjoyed reading this, since I see hundreds of HTML hacks per month on servers – and not confined to filezilla by any means. Thank you especially Sherie for your “insights”. We laughed and laughed and laughed. Long term fix is don’t run MS Windows, Outlook or MS Internet exploder, which opened the door for the evil programs that read the filezilla password file whenever you change it. However, this was unexpectedly entertaining – thank you again.

By: Nick

Nick — Thu, 31 Dec 2009 04:37:23 +0000

I just ran into this problem. I was using filezilla and had saved my password on 3 sites. All 3 sites infected. It is placing code in .jsp and .php files from what I can tell. the code was at the bottom on these pages and the ony way I figured it out is by looking at the log files. You have to remove the scripts from all the files or they overwrite your deletes. Dump filezilla – it is completely compromised.

By: Sherie

Sherie — Wed, 28 Oct 2009 14:16:42 +0000

Update from Sherie:

Wanted to let everyone know that FileZilla finally DID reply to my support request:

They reported as follows:

- they dismissed my bug report
- i should scan my own site
- FileZilla has no problems with malware

So there you have it folks. I’m changing FTP programs.

Have a good day!

Sherie