Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021


Hack Attack and FileZilla

May 26, 2012, 06:55 PM
139 posts · Oct 2009
I experienced a hack of the header.php file that resulted in an inserted iframe that contained Search Results Clicking fraud (the inserted code simulates a click on search results links, giving the hacker "click income").

I believe the attack vector was on a local computer that had a 'drive-by' insertion of some Java exploit. I do keep my system quite current on patches, so can't verify the attack vector.

But I believe that, once the exploit got into my system, it used my FTP credentials to upload a changed header.php file to a WP site's active theme folder. And the reason that was successful is because I was using FileZilla as my FTP client.

FileZilla stores FTP credentials (site/user/password) in an easily accessible plain text file. These credentials are not encrypted. And this easily accessible exploit of the FileZilla FTP credentials doesn't seem to be any concern to the FileZilla developers.

So, my warning to others: do not use FileZilla as your FTP client. Uninstall, then manually remove the settings file (not removed by the uninstall, look in your %APPDATA% folder).

Then change all your FTP site credentials. And then use a different FTP client program. I recommend WinSCP, which has an optional 'master' password that will encrypt your FTP credentials.

IMHO: do not use FileZilla if you enable its 'save password' feature. Your sites will most likely be compromised.

May 28, 2012, 06:39 PM
Knut Sparhell
34 posts · Jun 2010
Fredrikstad, Norway
Why are you so sure to blame FileZilla? (I don't use FileZilla.)

If the hackers got the passwords from FileZilla they first had to hack into your computer. Any reason to think that has happened, and have you done anything to prevent such attacks?

But why should an attacker bother to get into your computer to find the FTP passwords? FTP credentials go unencrypted over the network. Anyone with physical access to the cabled network between your client computer and the server will be able to see it. Unencrypted wireless networks are open to anyone around, even without any physical access.

In my experience, the website hackers usually brute-force attack the FTP accounts. The most vulnerable are the accounts with simple user names and passwords, like admin, john, root, mary and so on, and similar simple passwords. The attacks go on all day, with just a few seconds in between each attempt, using a list of common user names and human made password constructs. After some hours they have guessed the right password, enter and do their harm, small or severe.

So my advice is not to use plain old FTP if one can avoid it, and NEVER EVER use FTP over an open wireless network, and not to use real names or simple nicknames as FTP user names, and long, "random" generated passwords. Otherwise they will be cracked, some day. And for long passwords a password store is necessary, even if they are saved as plain text, as long as they are saved under a private, password protected user account.

And for FileZilla, every client software that offers password saving has to store them in such a way that they can be decrypted and used. This is contrary to password protected applications that just have to save a one-way encrypted password (hash). It's not so difficult for a hacker's computer to try a gazillion human made "secret" keys or "master passwords", once he is in and has the list.
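
To see which saved sites the warnings in this thread apply to, here is an added example (not part of the original posts and not FileZilla's own code) that audits a site manager file without printing any password. It assumes the file is FileZilla's `sitemanager.xml` with `Server`/`Host`/`Protocol`/`User`/`Pass` elements and that protocol codes 0 and 6 mean FTP without required TLS; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for FileZilla's sitemanager.xml.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server><Host>ftp.example.org</Host><Protocol>0</Protocol>
      <User>admin</User><Pass>constructed-pw</Pass></Server>
    <Server><Host>files.example.net</Host><Protocol>1</Protocol>
      <User>deploy</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass></Server>
    <Server><Host>sftp.example.com</Host><Protocol>1</Protocol>
      <User>ops</User><Pass encoding="crypt" pubkey="AAAA">BBBB</Pass></Server>
    <Server><Host>ask.example.com</Host><Protocol>0</Protocol>
      <User>web</User></Server>
  </Servers>
</FileZilla3>"""

def classify_pass(elem):
    """Describe how a <Pass> element is stored; never returns the secret."""
    if elem is None or not (elem.text or "").strip():
        return "not_saved"
    enc = elem.get("encoding")
    if enc is None:
        return "plaintext"                  # readable by anything running as the user
    if enc == "base64":
        return "base64_encoded"             # an encoding, not encryption
    if enc == "crypt":
        return "master_password_encrypted"  # still open to offline guessing
    return "unknown:" + enc

def audit_sitemanager(xml_text):
    """Return one finding per saved site (also inside folders)."""
    findings = []
    for srv in ET.fromstring(xml_text).iter("Server"):
        storage = classify_pass(srv.find("Pass"))
        findings.append({
            "host": srv.findtext("Host", ""),
            "user": srv.findtext("User", ""),
            "storage": storage,
            "recoverable": storage in ("plaintext", "base64_encoded"),
            # Assumed codes: 0 = FTP, 6 = FTP with TLS disabled.
            "ftp_without_required_tls": srv.findtext("Protocol", "0") in ("0", "6"),
        })
    return findings

def hosts_to_rotate(findings):
    """Hosts whose saved password is recoverable from the file alone."""
    return sorted(f["host"] for f in findings if f["recoverable"])

if __name__ == "__main__":
    for finding in audit_sitemanager(SAMPLE):
        print(finding)
```
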

