GoFuckYourself.com - Adult Webmaster Forum - View Single Post

ruff · 02-24-2010, 09:21 AM

I use FileZilla and my server passwords were compromised and malicious code added to several of my sites. The code was an iframe link sending to a site in the Netherlands that put the Security Central virus on peoples computers. Nasty little bastard.

Virus or Malware scanners will not find it. It is an iframe link just after the body tag in infected sites. Only html and htm files.

Turns out, FileZilla does not encode anything and keeps your login data in an XML file that can be sniffed out. There are about 10 ftp clients susceptable to this and you can find more info at this link:

http://blog.unmaskparasites.com/2009...dentials-from/

Solution is not to let the ftp program to save your login info. Also switch to secure protocol. I have switched back to WinSCP.

02-24-2010, 09:21 AM
ruff I have a plan B Industry Role: Join Date: Aug 2004 Location: Seattle - Miami - St Kitts Posts: 5,501	FTP Client Passwords hacked: Beware I use FileZilla and my server passwords were compromised and malicious code added to several of my sites. The code was an iframe link sending to a site in the Netherlands that put the Security Central virus on peoples computers. Nasty little bastard. Virus or Malware scanners will not find it. It is an iframe link just after the body tag in infected sites. Only html and htm files. Turns out, FileZilla does not encode anything and keeps your login data in an XML file that can be sniffed out. There are about 10 ftp clients susceptable to this and you can find more info at this link: http://blog.unmaskparasites.com/2009...dentials-from/ Solution is not to let the ftp program to save your login info. Also switch to secure protocol. I have switched back to WinSCP. __________________ CryptoFeeds