Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   New Versions, & Updating (http://forum.bytesforall.com/forumdisplay.php?f=12)
-   -   Hack Attack and FileZilla (http://forum.bytesforall.com/showthread.php?t=17671)

rickheck May 26, 2012 05:55 PM
Hack Attack and FileZilla
 
I experienced a hack of the header.php file that resulted in an inserted iframe that contained Search Results Clicking fraud (the inserted code simulates a click on search results links, giving the hacker "click income").

I believe the attack vector was on a local computer that had a 'drive-by' insertion of some java exploit. I do keep my system quite current on patches, so can't verify the attack vector.

But I believe that, once the exploit got into my system, it used my FTP credentials to upload a changed header.php file to a WP site's active theme folder. And the reason that was successful is because I was using FileZilla as my FTP client.

FileZilla stores FTP credentials (site/user/password) in an easily accessable plain text file. These credentials are not encrypted. And this easily accessable exploit of the FileZilla FTP credentials doesn't seem to be any concern to the FileZilla developers.

So, my warning to others: do not use FileZilla as your FTP client. Uninstall, then manually remove the settings file (not removed by the uninstall, look in your %APPDATA% folder).

Then change all your FTP site credentials. And then use a different FTP client program. I recommend WinSCP, which has an optional 'master' password that will encrypt your FTP credentials.

IMHO: do not use FileZilla if you enable it's 'save password' feature. Your sites will most likely be compromised.

...Rick...

Knut Sparhell May 28, 2012 05:39 PM
Why are you so sure to blame FileZilla? (I don't use FileZilla.)

If the hackers got the paswords from FileZilla they first had to hack into your computer. Any reason to think that has happened, and have you made anything to prevent such attacks?

But why should an attacker bother to get into your computer to find the FTP passwords? FTP credentials goes unencrypted over the network. Anyone with physical access to the cabeled network between your client computer and the server will be able to see it. Unencrypted wireless networks are open to anyone around, even without any physical access.

I my experience, the website hackers usually brute force attacks the FTP accounts. The most vulnerable is the accounts with simple user names and passwors, like admin, john, root, mary and so on, and similar simple passwords. The attacks go on all day, with just few seconds in between each attempt, using a list of common user names and human made password constructs. After some hours they have guessed the right password, enter and do their harm, small or severe.

So my advice is not to use plain old FTP if one can avoid it, and NEVER EVER use FTP over open wireless network, and not to use real names or simpel nick names as FTP user names, and long, "random" generated passwords. Otherwise they will be cracked, some day. And for long passwords a password store is necessary, even if they are saved as plain text, as long as they are saved under a private, password protected user account.

And for FileZilla, every client software that offers password saving, has to store them in such a way thet they can be decrypted and used. This is contrary to password protected applications that just have to save a one-way encrypted password (hash). It's not so difficult for a hackers computer to try a gazillion human made "secret" keys or "master passwords", once he is in and has the list.


All times are GMT -6. The time now is 01:35 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.