Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: FileZilla or Who?

  1. #11
    Join Date
    Oct 2009
    Location
    Lansing Michigan
    Posts
    34

    Default

    Sherie,

    Under the transfer tab, I would make sure transfer type is set to auto

    steve

  2. #12

    Smile Update on the Bugs

    Thought I share the latest on my 'battle with the bugs'. My hosting company has been great. Together we finally decided to strip all the pages from the site, upload squeaky clean ones and, of course, change the password. (Before I just tried to fix it page by page)

    Today I kept working on a password until my new one has a full 100% strong ranking, instead of the 40% or so before. I'm staying positive and expecting a 'full recovery' from the pain in the bugs...I mean pain in the butt trojans. Thanks for everyone's ideas, suggestions and support.

    Sherie Smith

  3. #13

    Default

    I believe your files are being infected at the server level.
    There is no way I know of that they could get trojans etc. from filezilla simply transferring them from your computer to the website.

    If you have wiped the server clean then that may or may not have solved the problem.

    If someone has access to any account on the server they may have access to all of them.

    I would really be looking at the server for this problem.

    robert

  4. #14
    Join Date
    Oct 2009
    Location
    Ballarat, Vic, AU
    Posts
    17

    Default

    Actually there is a known problem that exploits FileZilla. I've had to help a customer of mine recently who had 50 or 60 websites injected with IFRAME code that subsequently gets the site listed as 'dangerous' when you try to display it with Firefox.

    I don't know if this is the same issue but basically, FileZilla stores passwords in plain text. The trojan grabs these plain text passwords and sends them off to a hacking site which alters your index.html and/or index.php files, adding an iframe and/or some javascript code. The iframe is at the top of the page and the javascript at the bottom of the page.

    There are 3 steps for removal:

    1. Do a full virus scan ensuring that your anti-virus is up to date. Also have anyone else who works on your site do the same.

    2. After any trojans/viruses are found and removed, change all of your FTP passwords.

    3. Repair the affected pages - this involves editing any index.php or index.html files to remove the iframe and/or javascript.

    This should fix the issue but still leaves you vulnerable if your computer gets infected again. One of the FileZilla developers has indicated that there won't be a 'fix' because he believes it's not FileZilla's job to protect against these sort of attacks. You may want to look at an alternative. I use a program called FlashFXP, but ask around and if you do change to another FTP program, check whether passwords are encrypted.

    Here are a couple of relevant links...

    Discussion about similar attacks:

    http://drupal.org/node/441032
    http://www.tech-evangelist.com/2009/...-trojan-virus/

    Response from FileZilla Developer (his name is botg):

    http://forum.filezilla-project.org/v...php?f=1&t=9543

    Regards,

    Gary

  5. #15
    Join Date
    Jul 2009
    Location
    Missouri, USA
    Posts
    950

    Default

    I use FireFTP and have never had an issue with my sites getting hacked. I know many use, and seem to prefer, FileZilla, but FireFTP is awesome and works very well.

  6. #16
    Join Date
    Oct 2009
    Location
    Søborg, Denmark
    Posts
    126

    Default

    An alternative for filetransfers (and other stuff) that I've been using since forever is Total Commander from Ghisler.

  7. #17
    Join Date
    Oct 2009
    Location
    Fairview Heights, Illinois
    Posts
    40

    Smile

    I think I'm going with FireFtp.

    Thanks Traci for the video help!

  8. #18
    Join Date
    Jul 2009
    Location
    Bedford, England
    Posts
    869

    Default

    Nice to see you here Gary!

    Thanks for the details about filezilla - is there any particular ftp client you'd reccomend?

    Alex

  9. #19
    Join Date
    Oct 2009
    Location
    Ballarat, Vic, AU
    Posts
    17

    Default

    Hi Alex,

    Quote Originally Posted by AlexNewell View Post
    Nice to see you here Gary!

    Thanks for the details about filezilla - is there any particular ftp client you'd reccomend?

    Alex
    Yes .. I've been 'out of circulation' for a while but I'm back with a vengeance . I followed a link here from Google and then saw that it was Lynn's. I don't know her but I've seen and heard quite a lot and it was all good. I'll be upgrading to elite membership soon... just want to settle in first.

    There's a bunch of good FTP clients out there. SmartFTP, CuteFTP and FlashFXP are all good non-free ones. A free one that I'm recommending now is Core FTP (www.coreftp.com). The lite version is free and it looks and feels a lot like FileZilla. I've not seen any reports of it being exploited.

    Gary

  10. #20
    Join Date
    Jul 2009
    Location
    Bedford, England
    Posts
    869

    Default

    Thanks for the info Gary and it'll be great to welcome you into the Elite forum - even if you don't sign up through my link
    http://expertlistbuilding.com/lynnterry.html

    :-)

    Alex

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •