Password file has been hacked and used by a virus

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Password file has been hacked and used by a virus

#31 Post by botg » 2009-04-26 10:12

Because they don't know about full disk encryption?

jdratlif
226 Transfer OK
Posts: 392
Joined: 2008-12-30 10:30
First name: John
Last name: Ratliff
Location: In a small white padded room.

Re: Password file has been hacked and used by a virus

#32 Post by jdratlif » 2009-04-26 10:24

It was only a thought. I defer to your expertise.
http://jdrrant.blogspot.com/ - CODEpendent Blog

djgblz
500 Command not understood
Posts: 3
Joined: 2009-04-22 17:22
First name: Matt
Last name: Swart

Re: Password file has been hacked and used by a virus

#33 Post by djgblz » 2009-04-29 19:58

How is not the problem, in fact that's trivial. The issue at hand is why do it at all if it doesn't offer any additional protection?
Encrypting the file on my computer does offer additional protection! The risk is that someone gets a hold of my file through some exploit, and that puts ALL of my ftp servers at risk. Were that file encrypted and someone grabbed it through some microsoft vulnerability then my ftp servers are not at risk.

If the Site Manager entries cannot be read, then the only time the credentials are at risk is when you connect to a server. Users with hundreds of entries in the Site Manager may not use several entries for days, weeks, months or years which would give time for new AntiVirus signatures to be delivered, other detection methods to be used, holes in the OS to be plugged, etc. Yes, some data would be compromised, but not ALL of the data at once.

Nothing will stop a determined thief, but there are things that will slow him down and make it difficult to get your stuff. Nothing is 100% secure, but even 10% secure is better than 0%.

Bobcat
500 Command not understood
Posts: 2
Joined: 2009-06-02 15:29

Re: Password file has been hacked and used by a virus

#34 Post by Bobcat » 2009-06-02 16:00

botg et al- I like filezilla, have used it for years. I also just had my numerous sites corrupted by something that ripped those filezilla site credentials. First time this kind of thing has happened in 10 years. Took me awhile to figure out what happened... was it the host?, Dreamweaver?, a rogue? And although I haven't yet figured out which virus/worm/script is the culprit or how it managed to do this... I do know that Filezilla was the key.
After fixing websites, removing passwords from filezilla, and generally stressing about this, I uninstalled FileZilla. Just on principle.
Now as I roam about looking for clues at the scene of the crime, I find a snotty forum admin (who represents Filezilla whether they know it or not) who could care less and there's no need of that.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Password file has been hacked and used by a virus

#35 Post by botg » 2009-06-02 17:42

So you got infected by malware. I can practically guarantee you that it was your own fault you got infected. You most likely didn't install available security fixes vigilantly enough.

boco
Contributor
Posts: 26940
Joined: 2006-05-01 03:28
Location: Germany

Re: Password file has been hacked and used by a virus

#36 Post by boco » 2009-06-02 20:48

Just make Secure Mode/Kiosk Mode 1 the default setting. Let 'em activate the switch if they want to save passwords, with a big fat red warning.

Hint for saving passwords: pen and paper. No malware has been able to compromise a sheet of paper yet...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

jdratlif
226 Transfer OK
Posts: 392
Joined: 2008-12-30 10:30
First name: John
Last name: Ratliff
Location: In a small white padded room.

Re: Password file has been hacked and used by a virus

#37 Post by jdratlif » 2009-06-03 12:42

boco wrote: Just make Secure Mode/Kiosk Mode 1 the default setting. Let 'em activate the switch if they want to save passwords, with a big fat red warning.
Sounds good to me.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Password file has been hacked and used by a virus

#38 Post by botg » 2009-06-03 13:27

Some interesting tidbit: TotalCommander does not store passwords in plain text, it uses some sort of obfuscation. Yet that did not prevent some malware from obtaining the passwords. The result is modified websites of TotalCommander users. It proves my point that obfuscation is useless.

Bobcat
500 Command not understood
Posts: 2
Joined: 2009-06-02 15:29

Re: Password file has been hacked and used by a virus

#39 Post by Bobcat » 2009-06-04 22:20

botg wrote: So you got infected by malware. I can practically guarantee you that it was your own fault you got infected. You most likely didn't install available security fixes vigilantly enough.
Wasn't accusing filezilla... just pointing out the source of the compromised uids & pws. This is not about blame, it's about resolution. I have to find out which malware hit me, so do you have any useful ideas or will you now tell me to get a MAC or install Linux?
Or can you help?
I have run about every rootkit, AV, malware, spyware scan that I have any more patience with and so before I fdisk, I was wondering if the filezilla community may have seen this before, and what may have caused it. Yes, I did check the previous post about 21.11.06... and I don't think that is the problem here.

I want to know HOW I was vulnerable... does anyone here have a list of known "intruders" that have scraped filezilla credentials and then used them to plant a FRAMER.BS iframe exploit on the newly screwed web sites?

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Password file has been hacked and used by a virus

#40 Post by botg » 2009-06-04 23:05

My experience with malware is very limited, I only had two infections in my entire life. Ages ago with Parity Boot B and ten years ago with CIH. Since then I have managed to keep my systems fully secure with good configuration alone.

If no malware scanner finds anything but you are using shared hosting, it may also be possible that your files got modified through some other person's account. Last but not least there might be vulnerabilities in your website itself.

jdratlif
226 Transfer OK
Posts: 392
Joined: 2008-12-30 10:30
First name: John
Last name: Ratliff
Location: In a small white padded room.

Re: Password file has been hacked and used by a virus

#41 Post by jdratlif » 2009-06-05 20:29

botg wrote: Some interesting tidbit: TotalCommander does not store passwords in plain text, it uses some sort of obfuscation. Yet that did not prevent some malware from obtaining the passwords. The result is modified websites of TotalCommander users. It proves my point that obfuscation is useless.
Yes, better to protect yourself from no one than to protect yourself only from some people. Any solution that doesn't offer provable 100% security isn't worth anything.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Password file has been hacked and used by a virus

#42 Post by botg » 2009-06-05 21:32

Any solution that doesn't offer provable 100% security isn't worth anything.
ACK.

boco
Contributor
Posts: 26940
Joined: 2006-05-01 03:28
Location: Germany

Re: Password file has been hacked and used by a virus

#43 Post by boco » 2009-06-05 22:28

botg wrote:
Any solution that doesn't offer provable 100% security isn't worth anything.
ACK.
Worse, it delivers a false sense of security. Best is to not lay your passwords in the hands of any software. Enter it if you need to. Not saved passwords are safer, there's nothing to steal if nothing is stored.

camelothosting
500 Command not understood
Posts: 3
Joined: 2009-06-06 05:06
First name: Tony
Last name: not

Re: Password file has been hacked and used by a virus

#44 Post by camelothosting » 2009-06-06 05:22

OK.
Since I'm not going to be here for long, let's just get this out of the way.

botg, you're an ass.

I can see that you are worried about people's security and identity.
Your registration here isn't even secure, so it doesn't surprise me that the authors of this software don't give a damn about your security.
And for the record, if you connect using sftp then your credentials are NOT passed as plain text.

My suggestion to folks that are worried about this OBVIOUS lack of concern for you or your sites is tell 'em to go to hell and find better software....

And to the developers:
Since this lack of security has DIRECTLY affected my business, I'm going to be looking into liability......
I'm sure somewhere I can find that obscure law that says that your willful negligence can be pointed to direct financial liability.

While yes, it is a fact that had these users not picked up a trojan or virus this wouldn't be an issue, your open attitude here (which has been printed off for reasons of fact) that you DON'T CARE that your software is being used for malicious intent just points further to negligence.

And in closing:
botg, you're still an ass, and if you really don't firewall or AV protect your PC then you are most definitely one of the dimmest folks I have ever met.....

camelothosting
500 Command not understood
Posts: 3
Joined: 2009-06-06 05:06
First name: Tony
Last name: not

Re: Password file has been hacked and used by a virus

#45 Post by camelothosting » 2009-06-06 05:45

To the non-devs in this thread or who might read this thread: if my attitude offended, I do apologize...
If you agree with what I have said then speak out and be heard......

Remember, it's YOUR site that's compromised.

IF you run a MySQL-dependent site then you have now given the person that got your login info complete access to the database and your customer info....

Remember that if you look in the ftp and message logs you will see that your files are being downloaded and modified files uploaded.....

Just some food for thought.... and yes, if the PC wasn't infected it wouldn't be an issue, but that's a double-edged sword:
IF the passwords were not stored in plain text then it wouldn't have been an issue.

I am not saying, nor will I say, that filezilla is responsible for the users' PCs being infected, that's a totally separate issue.... but the folks running (for example) ipswitch software don't have to worry about this issue.
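
The log check mentioned in the post above (files downloaded, then modified copies uploaded), written out as an added example that is not part of the original thread or of any poster's or project's code. It assumes the FTP server writes the common xferlog transfer-log layout; the log lines, addresses, user name and paths are constructed sample data.

```python
from collections import Counter
from datetime import datetime

# Constructed sample. Assumption: the server writes the common xferlog
# layout, where the direction field is "o" (download) or "i" (upload).
SAMPLE_LOG = """\
Mon Jun  1 09:14:02 2009 1 198.51.100.20 4310 /www/index.html a _ i r webuser ftp 0 * c
Mon Jun  1 09:15:40 2009 1 198.51.100.20 912 /www/style.css a _ i r webuser ftp 0 * c
Thu Jun  4 03:22:10 2009 1 203.0.113.77 4310 /www/index.html a _ o r webuser ftp 0 * c
Thu Jun  4 03:22:12 2009 1 203.0.113.77 4398 /www/index.html a _ i r webuser ftp 0 * c
Thu Jun  4 03:22:15 2009 1 203.0.113.77 2205 /www/contact.php a _ o r webuser ftp 0 * c
Thu Jun  4 03:22:16 2009 1 203.0.113.77 2293 /www/contact.php a _ i r webuser ftp 0 * c
Thu Jun  4 03:22:19 2009 1 203.0.113.77 912 /www/style.css a _ o r webuser ftp 0 * c
"""

def parse_xferlog(text):
    """Yield (time, host, size, path, direction, user) for completed transfers."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 18 or tok[-1] != "c":      # malformed or incomplete
            continue
        ts = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        path = " ".join(tok[8:-9])               # a path may contain spaces
        yield ts, tok[6], int(tok[7]), path, tok[-7], tok[-5]

def find_rewrites(text, window_s=60):
    """List (user, host, path, size_delta) for files that one host downloaded
    and re-uploaded with a different size within window_s seconds."""
    pending, hits = {}, []                       # pending: key -> (time, size)
    for ts, host, size, path, direction, user in parse_xferlog(text):
        key = (user, host, path)
        if direction == "o":
            pending[key] = (ts, size)
        elif direction == "i" and key in pending:
            t0, size0 = pending.pop(key)
            if (ts - t0).total_seconds() <= window_s and size != size0:
                hits.append((user, host, path, size - size0))
    return hits

def suspicious_hosts(text, min_files=2):
    """Hosts that rewrote at least min_files distinct files (bulk, scripted edits)."""
    pairs = {(host, path) for _, host, path, _ in find_rewrites(text)}
    per_host = Counter(host for host, _ in pairs)
    return {h: n for h, n in per_host.items() if n >= min_files}

if __name__ == "__main__":
    for hit in find_rewrites(SAMPLE_LOG):
        print(hit)
    print(suspicious_hosts(SAMPLE_LOG))
```

A hit is a triage signal rather than proof: a developer editing one file produces the same download/upload pair, so the useful indicators are many files rewritten in seconds, an identical size increase across files, and a source address the account has not used before.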
