
Thread: Hacked sites and Filezilla

  1. #1
    black-dog

    I've just been chatting to support about a number of domains on one of my VPSs that have been hacked. The support person recommended not using Filezilla.

    I've done a quick check and can't find any major horror stories other than the fact that FZ apparently stores passwords in plain text in an XML file. I work alone and from home so this isn't really a problem for me.

    Are there any other issues I should be aware of?

    Incidentally, support could offer no explanation as to how these domains had been hacked. My client does, despite my warnings, insist on using Front Page which I suspect may be a factor.
    black-dog
    4theweb.co.uk Web stuff
    slipperyhill.co.uk Band

  2. #2
    Dan

    Hi Black-dog,

    I have used Filezilla for many years; mainly across many Windows machines of both the client and server platform and I've never encountered any issues.

    I'm strongly liaised with the lead developer of Filezilla, and have been for a while and I'm positive that there aren't any flaws out with the latest release of Filezilla.

    There was an issue a while back with FP if I can recall it correctly. I'm unsure of the specifics but a quick forum search of Frontpage could bring it up.
    Webhosting.UK.com (http://www.webhosting.uk.com) || cPanel VPS Hosting (http://www.webhosting.uk.com/vps-hosting.php) || Reseller Hosting (http://www.webhosting.uk.com/reseller-hosting.php)

    Sales: 0808-262-0855
    Support: 0800-612-8725
    International: +44 191 303 8191

  3. #3
    black-dog

    Originally Posted by Dan:
        Hi Black-dog,

        I have used Filezilla for many years; mainly across many Windows machines of both the client and server platform and I've never encountered any issues.

        I'm strongly liaised with the lead developer of Filezilla, and have been for a while and I'm positive that there aren't any flaws out with the latest release of Filezilla.

        There was an issue a while back with FP if I can recall it correctly. I'm unsure of the specifics but a quick forum search of Frontpage could bring it up.

    That's good because I like it as an ftp client. I'm more inclined to believe (hope) the issue is with Front Page. On my other VPS I have had FP extensions removed.

  4. #4
    MrTWS

    Filezilla is a really good FTP program and it is routinely upgraded as new changes are made. Sometimes if sites get hacked this can be down to poor password choices, and bad programming (especially if someone is using database connections within their sites) and the software or programming is a bit lapsed and leaves backdoors in.

    Hacking can be defined in different ways - so what do you mean by hacked?
    Web Design Services (http://www.justcheck.co.uk/)

  5. #5
    black-dog

    Originally Posted by MrTWS:
        Filezilla is a really good FTP program and it is routinely upgraded as new changes are made. Sometimes if sites get hacked this can be down to poor password choices, and bad programming (especially if someone is using database connections within their sites) and the software or programming is a bit lapsed and leaves backdoors in.

        Hacking can be defined in different ways - so what do you mean by hacked?

    In this case, seeded with a load of hidden links.

    The advice not to use Filezilla came from Alan V on WHUK support chat.

  6. #6
    Dan

    Well in my opinion, the two FTP programs that come preinstalled with cPanel are more likely to have flaws than Filezilla.

    I'm not sure where Alan got his sources from?

  7. #7
    MrTWS

    Originally Posted by black-dog:
        In this case, seeded with a load of hidden links

    And does it use a database or a forum software, or some other method of user input?

  8. #8
    black-dog

    Originally Posted by MrTWS:
        And does it use a database or a forum software, or some other method of user input?

    A number of sites on the same VPS were affected. No forums, but some scripting (written by me).

  9. #9
    MrTWS

    I hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming.

    Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help).

  10. #10
    black-dog

    Originally Posted by MrTWS:
        I hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming.

        Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help).

    I don't think the problem lies with my scripting, though thanks for the offer of help. The site in question has an online registration system and a number of submission forms. There will eventually be an upload facility (always a problem area) but that is not in place yet. I'm more inclined to believe that this is another Front Page exploit.

  11. #11
    MrTWS

    Fair enough, black-dog. As I say, if you want a hand (even though I'm not that smart) I'll be happy to do that. Good luck with the issue though, and I hope you did not take umbrage at me suggesting it was an error on your part - only a possibility, as I know I've made errors myself too, and it is not till someone points it out that you even realise there is a problem.

    Best wishes
    MrTWS

  12. #12
    Cassie

    Sorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.

    Chat apparently sorted it last night (thanks Martin) by rolling to a backup but I have not had chance to check anything yet.

    He said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.

    I use frontpage because I am not a qualified web designer - I am just a crafter with a website. I don't understand all the bits, I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.

    Can anyone explain further what has happened?

  13. #13
    black-dog

    Originally Posted by Cassie:
        Sorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.

    This isn't anything to do with forums. In fact there isn't a forum on the site.

    Originally Posted by Cassie:
        He said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.

    Permissions being set correctly won't help if someone can use ftp, as in my case.

    Originally Posted by Cassie:
        I use frontpage because I am not a qualified web designer - I am just a crafter with a website. I don't understand all the bits, I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.

        Can anyone explain further what has happened?

    There are known security issues with FrontPage and I have told my client this on many occasions. And M$, bless their little cotton socks, have dumped it. What does that tell you?

    If you are on a Windows server you should be ok for a while. If on Linux you'll have to accept that you use FP at your own risk.

    Yes I feel sorry for people like you and my client who have invested time and money in this product but perhaps this will give you some idea why M$ is despised by so many people.

  14. #14
    Cassie

    I only said about the forum because one of the posts said NO forums had been affected.

    I don't need your pity - I have since found out it was nothing to do with Frontpage.

    Martin said he had fixed the site but when I checked there were still 2 directories in there that had the hacker's information in them. They have now been deleted properly.

    All passwords were strong but have been changed to be stronger.
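
Added example, not part of the thread and not any poster's code: black-dog describes the compromise as pages "seeded with a load of hidden links", and Cassie found leftover directories after a restore, so a web root is worth re-checking once cleanup is declared done. This Python scanner flags links hidden with inline CSS or the `hidden` attribute; the hiding patterns, the file extensions and the `spam.example` sample page are assumptions, and links hidden through external stylesheets or scripts are not detected.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Inline styles commonly used to hide injected links from human visitors (assumed list).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:text-indent|left|top)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # tags that never get an end tag

class HiddenLinkFinder(HTMLParser):
    """Record (line, href) for each <a> that is hidden or inside a hidden element."""
    def __init__(self):
        super().__init__()
        self.stack, self.hits = [], []  # stack holds (tag, hidden) per open element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDING.search(a.get("style") or ""))
        if tag == "a" and a.get("href") and (hidden or any(h for _, h in self.stack)):
            self.hits.append((self.getpos()[0], a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):  # pop back to the matching open tag, if there is one
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_tree(root, exts=(".html", ".htm", ".shtml", ".php")):
    """Return {path: hits} for every page under root that contains hidden links."""
    pages = (f for f in sorted(Path(root).rglob("*"))
             if f.is_file() and f.suffix.lower() in exts)
    found = {str(f): find_hidden_links(f.read_text(errors="replace")) for f in pages}
    return {path: hits for path, hits in found.items() if hits}

# Constructed sample page: two injected links and two legitimate ones.
SAMPLE = """<body><p>Visit the <a href="/shop">shop</a>.<br>
<div style="position:absolute; left:-9999px"><img src="x.gif">
<a href="http://spam.example/pills">pills</a></div><a href="/contact">Contact</a>
<span style="DISPLAY: none"><a href="http://spam.example/loans">loans</a></span></body>"""
```

Running `scan_tree` over each account's document root and comparing the result with a known-good backup shows which pages still carry injected markup.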

  15. #15
    Dan

    Please keep the hastiness to a minimum.

Copyright 2001-2013 Web Hosting UK. All rights reserved.