Comments on: FileZilla Alert – Hacker Threat Through Trojan Virus

By: PHP Site hacked

PHP Site hacked — Tue, 22 Nov 2011 12:40:09 +0000

[...] If you are using FileZilla for FTP, be aware that passwords are not encrypted in FileZilla. FileZilla Alert – Hacker Threat Through Trojan Virus You can have it fast, good or cheap. Pick any two. Phoenix Managed Services :: Free Car [...]

By: D.Shaun Morgan

D.Shaun Morgan — Mon, 25 Jul 2011 17:31:57 +0000

Filezilla is a free software. I’ve used it for several years. about ayears ago, my laptop aquired a virus that was really hard to get out. My inex pages kept getting defaced. For while, I would change all my website passwords, and everything would be fine until I ran filezilla. Shortly afterwards my sites would be defaced again. I do nto blame filezilla, however, for my lack of security at the time. If you have websites that handle sensitive data, you should consider purchasing somethign like WSFTP or some other FTP client that has encryption support.

Furthermore, if you are able to read and write the program c++ most likely – go get the source code and change it to meet your needs. Who knows you might find the secret that Filezilla is keeping from us about being into all these wensite defacements!

By: Richard

Richard — Fri, 10 Sep 2010 18:32:54 +0000

So Mac users like me need not be concerned by the hacking issue? If Trojans for Macs are rare or non-existent then using Filezilla is OK?

I’d really like an answer from someone wiser than myself.

By: Doogie

Doogie — Fri, 03 Sep 2010 14:08:03 +0000

Just keep in mind that the problem with your server being hacked may or may not have been related to FileZilla. Servers with many hosting companies are hacked simply due to weak security. Many site owners also use weak passwords that are easily cracked.

Also, the Trojan virus needs to infect your PC before your passwords will be compromised. In other words, there are issues other than FileZilla that can lead to this problem. I’m not defending FileZilla, but I am trying to put the problem into perspective.

By: Anonymous

Anonymous — Fri, 03 Sep 2010 04:58:02 +0000

What I’d like to know is: If FileZilla stores the usernames and passwords in a folder in AppData, then it still needs ANOTHER application for it to go in and (1.) Find the passwords and (2.) use them to modify the files on my server and then implement malicious malware, like it did.

And all this happens within the first few weeks that I use filezilla. Wouldn’t it take a little longer for some random application or website to be specifically looking filezilla usernames at that exact file location OTHER than filezilla itself?

Anyone see what I’m getting at?

It’s very suspicious that all these testimonials claim this happened within just the first few weeks of using filezilla.

By: mrveenie

mrveenie — Wed, 21 Jul 2010 17:18:00 +0000

Well i think this is very very stupid.. This design fault in filezilla is quite major… Most of the FTP programs has encrypted password files.

Some kind of trojan can get trough the best security… You have a save in your home also for the money and stuff dont you???

Why is this program just giving my password as a stupid plain text file?? its the same as layin down your bankcard including the pin code…

i think its very stupid!. My security on the laptop is strong enough AVG runs every week, and a couple of malware busters also. and still i got busted by this virus..

i couldnt find out why my sites got busted all the time so i started looking in the laptop.. and yes i found one small trojan that came with a cookie… the firewalls! (3 in total) didnt recognized it…

By: Kevin M

Kevin M — Mon, 21 Jun 2010 00:32:54 +0000

I get a charge out of reading this hogwash! For anyone concerned about security to blame one program for storing your information in a plain file and is the cause of a breach is a load of crap! The operating system stores these files all over the computer.

So instead of blaming a program for its lack of security. Blame the PC owner for their lack of security on their end! You want to set here an create an article on a free tool and blame them because you cannot keep your own system secure. It is a sign of your total lack of knowledge of how a computer works!

By: Lynn

Lynn — Thu, 03 Jun 2010 15:21:49 +0000

I have to agree with Steve here, although I’m not one to call anyone lazy because I know how lazy I am. Still, FileZilla is a free program and for all that, it’s great. But sometimes you do get what you pay for, and if you want a more secure program, you need to find other options. Frankly, my computer is what I worry about and if FileZilla is not storing my passwords in encrypted files, then I feel it’s my own responsibility to make sure my computer is as secure and safe as it can be. That’s the real issue here, as many other commenters have said before me.

By: Steve

Steve — Fri, 07 May 2010 19:59:41 +0000

This is really a not a security issue. Quit being lazy and don’t save your passwords in your server settings. Erase private data after using Filezilla. Don’t blame the application.

By: Dooley

Dooley — Mon, 15 Mar 2010 17:54:04 +0000

Antivirus 2009 hit me over the weekend after I visited another designers site here in town. Ofcourse, I’ve been using FileZilla, but while I had some passwords in there, most of them are in my head.
Change passwords, Find/Replace, ugh… what a waste of ten hours. They’re still not all clean either.
I can’t believe this ftp client is storing my info in plain text. And I thought browsers were bad (want me to remember your password for you? I promise I won’t tell… too many…)
Thanks for the article!