Hi everyone. I've been using FileZilla for uploading files. Has anyone experienced any problems using FZ regarding corruption/etc? I'm having some site problems and my security is alerting on FZ. Has anyone else experienced this? Any other recommendations instead of FZ? Thanks in advance for any helpful comments. Thanks, Sherie

I use filezilla and have had no problems. That doesn't mean you don't have them with it, just that I haven't.

Thanks Steve for your comment. I've had good experience with FZ so far but since my security has now alerted on them multiple times, that raises the concern. Thought I'd throw it out to the forum while waiting to hear back from FZ.

Also was interested if anyone has other uploading programs they've had good results with in case I decided to change from FZ. Thanks again for your answer.

Sherie

Hi everyone. I've been using FileZilla for uploading files. Has anyone experienced any problems using FZ regarding corruption/etc? I'm having some site problems and my security is alerting on FZ.

Sheri, I've been using FileZilla for awhile, and have never had any problems. Did you download the software from the FZ website directly, or did you download it from another site?

The reason I ask is because some third party download sites are dangerous, and contain viruses and other undesirable software. Another possibility is a virus in your computer compromised and infected the FZ software.

Try uninstalling the software, and re-installing. It's also possible that your virus protection software is alerting falsely - false positives. It happens more often than people realize.

David Jackson

I don't use FileZilla, I use FireFTP, and haven't had any issues with it.

Thanks David. Yes I downloaded new software, directly from FileZilla. My computer is clean, no viruses or trojans found, we've had numerous checks done on that issue. Files are being contaminated after going through FileZilla and being uploaded. Don't know about 'false positives'? I have 2 separate security programs that keep alerting on FZ. Not trying to blame FZ, just trying to locate the source so we can get a final cleanup, instead of a partial one. Appreciate your helpful thoughts David.

Sherie

Thanks Traci. I've never heard of FireFTP but then I'm new to all this IM stuff. I'll keep that program in mind.

Sherie

Thanks David. Appreciate your helpful thoughts.


Anytime, Sheri. Good luck fixing the problem!

David Jackson

I've used filezilla for years with no probs. Sometimes virus checkers and other security software create false alarms and this sounds like one of them.

"I have 2 separate security programs"

Hmmm...perhaps they are interfering with each other, care to name them?

good luck!

Sure Alex. I use Kaspersky and iObit 360 systems, both updated regularly. They are believed to be compatible. These alerts are not just showing up with my software. Google has slapped me with a 'could be harmful' warning periodically and Clickbank also has had issue on occasion. Now I'm trying to stay one step ahead of the bots and pull contaminated pages down ASAP, hopefully before the next 'bots-round'. I haven't been able to launch my product yet as I sure can't send anyone to my site if there might be a problem. That wouldn't be right.

Yes, I feel the same way about FileZilla. Up to this point it has been a real peach to use and has been doing a great job. Evidently there can be 'bugs' in the FileZilla system though, because their site asks you to notify them of bugs that are found right away.

Hopefully they can review things on their end and make sure it is clean. Besides my website pages, it has also moved into my blog posts. (ugh!) Wonder if I'll ever get to the source of the problem. Still waiting to hear back from hosting company and FileZilla.

Thanks for taking time to reply Alex.
Sherie

Sherie,

Under the transfer tab, I would make sure transfer type is set to auto

steve

Thought I share the latest on my 'battle with the bugs'. My hosting company has been great. Together we finally decided to strip all the pages from the site, upload squeaky clean ones and, of course, change the password. (Before I just tried to fix it page by page)

Today I kept working on a password until my new one has a full 100% strong ranking, instead of the 40% or so before. I'm staying positive and expecting a 'full recovery' from the pain in the bugs...I mean pain in the butt trojans. Thanks for everyone's ideas, suggestions and support.

Sherie Smith

I believe your files are being infected at the server level.
There is no way I know of that they could get trojans etc. from filezilla simply transferring them from your computer to the website.

If you have wiped the server clean then that may or may not have solved the problem.

If someone has access to any account on the server they may have access to all of them.

I would really be looking at the server for this problem.

robert

Actually there is a known problem that exploits FileZilla. I've had to help a customer of mine recently who had 50 or 60 websites injected with IFRAME code that subsequently gets the site listed as 'dangerous' when you try to display it with Firefox.

I don't know if this is the same issue but basically, FileZilla stores passwords in plain text. The trojan grabs these plain text passwords and sends them off to a hacking site which alters your index.html and/or index.php files, adding an iframe and/or some javascript code. The iframe is at the top of the page and the javascript at the bottom of the page.

There are 3 steps for removal:

1. Do a full virus scan ensuring that your anti-virus is up to date. Also have anyone else who works on your site do the same.

2. After any trojans/viruses are found and removed, change all of your FTP passwords.

3. Repair the affected pages - this involves editing any index.php or index.html files to remove the iframe and/or javascript.

This should fix the issue but still leaves you vulnerable if your computer gets infected again. One of the FileZilla developers has indicated that there won't be a 'fix' because he believes it's not FileZilla's job to protect against these sort of attacks. You may want to look at an alternative. I use a program called FlashFXP, but ask around and if you do change to another FTP program, check whether passwords are encrypted.

Here are a couple of relevant links...

Discussion about similar attacks:

http://drupal.org/node/441032
http://www.tech-evangelist.com/2009/06/08/filezilla-alert-trojan-virus/

Response from FileZilla Developer (his name is botg):

http://forum.filezilla-project.org/viewtopic.php?f=1&t=9543

Regards,

Gary

I use FireFTP and have never had an issue with my sites getting hacked. I know many use, and seem to prefer, FileZilla, but FireFTP is awesome and works very well.

An alternative for filetransfers (and other stuff) that I've been using since forever is Total Commander (http://www.ghisler.com/index.htm) from Ghisler.

I think I'm going with FireFtp.

Thanks Traci for the video help!

Nice to see you here Gary!

Thanks for the details about filezilla - is there any particular ftp client you'd reccomend?

Alex

Hi Alex,


Nice to see you here Gary!

Thanks for the details about filezilla - is there any particular ftp client you'd reccomend?

Alex

Yes .. I've been 'out of circulation' for a while but I'm back with a vengeance :). I followed a link here from Google and then saw that it was Lynn's. I don't know her but I've seen and heard quite a lot and it was all good. I'll be upgrading to elite membership soon... just want to settle in first.

There's a bunch of good FTP clients out there. SmartFTP, CuteFTP and FlashFXP are all good non-free ones. A free one that I'm recommending now is Core FTP (www.coreftp.com). The lite version is free and it looks and feels a lot like FileZilla. I've not seen any reports of it being exploited.

Gary

Thanks for the info Gary and it'll be great to welcome you into the Elite forum - even if you don't sign up through my link
http://expertlistbuilding.com/lynnterry.html

:-)

Alex

Yes .. I've been 'out of circulation' for a while but I'm back with a vengeance :). I followed a link here from Google and then saw that it was Lynn's. I don't know her but I've seen and heard quite a lot and it was all good. I'll be upgrading to elite membership soon... just want to settle in first.


Gary

Gary,
Glad to have you here! Looking forward to you joining the elite group. You won't be disappointed.

Hey everyone, look what a mess I've started with this post! lol Didn't know my question with FZ was going to bring down the rain but at least it seems to be a cleansing one for many of us!

I haven't had time to get on the forum much the last few days so thought I'd catch up today and look what I've found. Wonderful posts with all kinds of good info on this problem. (If you haven't checked out those links provided above, be sure to do so) It's a real eye-opener about FZ and their apparent lack of concern for what appears to be a real problem with a simple fix. I really hate to switch from FZ because it's is so user-friendly for newbies. But I'm leaving in search of safe waters so I can get on with my IM endeavors.

Think I'll try the CoreFTP Lite (thanks for the recommendation Gary), since its similar to FZ in look and use. I'd better make the switch quick while my site is still clean. It's staying clean longer than usual probably because my new password is ranked 100% in strength. (I can just see those attackers banging their heads against that password now and a huge knot rising up like on the old-time cartoons! Serves 'em right. lol

Thanks everyone for your excellent help with this problem.
Sherie

I too have switched to coreftp. I have been promoting filezilla for years.
I am not really concerned about the exploit as much as I was really put off by the attitude at the support forum.


coreftp is very similar to filezilla and has even more capabilities it seems.


robert

Thanks for your post Robert. That's good to know you've made the switch to CoreFTP and seem to be happy with the service.

I'm in the process of reading the Q&As. Have some concern because the particular computer I need the FTP on is a Windows XP/ServicePk2 - 2gH machine. Trying to figure out if it can handle Core. Seems if it did ok with FileZilla, the Core would be ok too. Still reading ... :)

Sherie