FileZilla Forums

Hi all,

It took me some time to investigate, but I don't see another way, but I'm sure of the following about filezilla, my filezilla password file has been hacked by a trojan and given to a third party pirate...

All my web site I'm taking care of have been hacked and the ONLY place where the hacker could find the password was coming from Filezilla where all the password where stored in this place and only in this place.

I'm using filezilla client 3.2.3.1 and the hacker inserted the following script on each on my html files :
....
document.write(unescape('pZ%3CscPr
.....
of my four web sites !!

So I think the policy of having the filezilla passwords into a uncrypted password is foolish !

After 15 years of computing, (and I'm a Win32 programmer), this is the first time I got hacked....

is there a way to overcome filezilla password from being hacked so easly ?

Thanks

Don't store passwords and most importantly, do not use Windows.

Thanks , first part of the reply can apply ... bu could you remember alll your passwords ?? Me not, sorry...
Second related to windows, can definitively not apply...

Why not crypting this file using 1024bit key ?

The files are stored here :
C:\Documents and Settings\Administrator\Application Data\FileZilla

plain clear !
into sitemanager.xml !!

even the one that are used for SSL accounts.

Al discussion has taken place here :
http://unsharptech.com/2008/05/20/filez ... plaintext/

I think this is a pity beause filezilla is really excellent !

Regards,

Thx

Easy. Open Explorer. Right-click on FileZilla's settings directory and enter the properties. There you can enable encryption.

yes Ok, but if the virus has acquired the same priviledges as me, it will not help ... (?)
Thanks

Let's assume all passwords are encrypted. Malware just waits till you connect to the server and then captures the password from memory. Protection gained by the encryption: None.

Enable kiosk mode 1 (no passwords stored in FZ) and use a software like KeePass to store your passwords (of course on a different machine not connected to the internet).

Don't surf the internet with an administrator account.

Is KeePass like kwallet or something? I don't use Windows much these days. Does it work with FileZilla?



Administrator accounts are evil, but at times they are a necessary one. Some programs simply don't run without full access. Stupid programmers from the pre-multi-user windows environments used to full access accounts. UAC is not great, but I think it's a decent compromise. Microsoft has to be pragmatic. They can't afford to throw away the wondrous Windows backwards compatibility.

Even if he was using a limited account, his privileges would certainly extend to his password file. If he couldn't read them at his privilege level, then he could never make use of them. Granted there are much more serious consequences to a virus running as admin...

Then simply don't use such programs. There are many alternatives.

Ok,

Now I got the final word about this case.

All my web site were hacked due to FTP passwords that have been grabbed by a Trojan.

The process is very well explain here :
http://malware-web-threats.blogspot.com ... us-p5.html

I got infected by this :
http://www.symantec.com/security_respon ... 18-1009-99

A simple hack tool and a keyboard logger...
It took ALL the filezilla the passwords and they were sent to Russia (FTP log showed that the machine was running from Russia when it got the access of my web server (no brute force), and my PC was OFF at that time.

Despite I have ESET nod32 AND spybot BOTH enabled (resident protection) -> they both failed !
I was relying too much on these tools!
My mistake was that Acrobat Reader embedded to Firefox was too old and exploit has been used .


I'm amazed how easy it is for these hack tool to get everything they want.

I'm considering using a account with a basic user privilege to surf on the web... good idea.
But if also filezilla could improve the way of hiding the password, it would make more difficult the life's of those hackers.
To grab the password from memory ....hummm... I think this is far more difficult compared to grab a file located here :
C:\Documents and Settings\Administrator\Application Data\FileZilla

Also the password can be grabbed from the TCPIP packet before it goes to the NIC ,I know this... (except SSL/SSH used)
.... I'm a programmer also (>1Million line code)... So I'm aware

In 15 years of active PC usage, this is the first time I got hacked like that... I have of course changed all the passwords...

Not nice definitively...

Rgds,
Al.

Typical botg response. If my computer were slow, you'd be offering me a nickel.



They hacked your machine when it was off? That's amazing.



A programmer, eh? And FileZilla is open source...

alphonse777, you sound like an irate user. Take a break for a few weeks to calm down. Then come back here and think about my arguments. If malware is running on your system, no amount of obfusction or encryption helps, malware simply waits silently until you decrypt the data.



Of course they failed, you are running expensive snake oil.

I am not using any firewalls, virus scanner or other malware detection utilities. The difference is that I know how to properly configure my systems and spend much time keeping them ALL up-to-date. And I simply don't use products with known unpatched vulnerabilities.

Hi, I'm suffering from the exploit too. I have several sites in a mess right now. Is the best thing for me to do to change all the passwords and then make sure not to store them on my filezilla program? That's what I will be attempting to do during this next week.

I really like filezilla. I'm not very smart about most of what has been mentioned in this thread.

I have been using file zilla since 2006. I updated my program on this PC this week. I thought it might help, but, I spent hours working to reverse damage this evening, only to fail....

I did not know about the password storage "issue". Thanks for the guidance on that. Also, I am unsure how on earth did the viral jerks nest inside of my PC. I have downloads disabled, and I'm very careful and particular about what I (knowingly) let visit my hard drive.

OMG, I have sooooo much cleaning up to do. (cries eyes out)

Can you advise me how to STOP such intrusions in the future?

PS, if anyone here is a member of digital point, I need a small favor, if you please. Thanks (sorry off topic there)

I cannot read your reply. Please use an even bigger font, maybe it will become so large that eventually it wraps around to be legible again



Why can people not spell FileZilla correctly? Did Zombie Jesus eat your brains?

OUCH! okay, i removed the size. SORRY!

I DID SPALE IT CORRECTLY at least once. jeeez.

Did Jesus eat your compassion?
.........
EDIT

PS. You sent me a warning about font size? Seriously, the font looked okay on my screen. Thanks.