
FileZilla saves passwords in plain text, threatens your night's sleep

Filezilla fail (Photo credit: Siim Teller)
Most website developers and designers need a way to upload content to the web server in order to deploy a finished website. Many of them use FileZilla, an FTP client that transfers your files to the web server via the FTP protocol.

But FileZilla, fantastic application though it is, has one specific attribute that can at some point become critical to your business.


That attribute is that it saves your servers, usernames and passwords to a specific folder on your computer. Want more? It also saves the FTP passwords in PLAIN TEXT, so nobody even has to make an effort to decrypt them.

According to an article ( http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/ ) and from our own multiple tests on this matter, FileZilla does indeed save your passwords.

There is a way to enable Kiosk Mode for FileZilla, which is said not to save passwords; we did it, but it never worked OK. FileZilla saves your passwords in the folders listed below:


Windows XP/2K: “C:\Documents and Settings\username\Application Data\FileZilla”
Windows Vista: “C:\Users\username\AppData\Roaming\FileZilla\”
Linux: “/home/username/.filezilla/”
(from http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/)

And not only does it save your bookmarks' passwords, it also saves the last connected server, password and username.

How did we find out?

We got bitten by a trojan that stole those exposed passwords and affected some websites with iframe code for malware redistribution, which we had to clean up. This password leak came from FileZilla, where we had stored our bookmarks. Stupid, yes, but we did not know then.

So what not to do

If you can, do not use FileZilla; use another FTP client such as gFTP (which we looked into, and which does not save passwords on Linux) or WinSCP. If you must use FileZilla, we'd say go ahead and delete those blocks in the files above whenever you can, to avoid having them stolen, and then God knows...
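
One way to carry out the check and cleanup described above, as an added example that is not part of the original post or FileZilla's own code: it lists which saved entries in a FileZilla folder still hold a password, without printing the password itself, and can strip them. It assumes the entries are XML `<Server>` elements with `<Host>`, `<User>` and `<Pass>` children in `.xml` files, which the post does not show; the sample file name and values are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption (not shown on the page): saved entries are XML <Server> elements
# with <Host>, <User> and <Pass> children, in *.xml files in the config folder.
def find_saved_passwords(config_dir):
    """Return (file name, host, user) for every entry holding a non-empty password."""
    findings = []
    for xml_file in sorted(Path(config_dir).glob("*.xml")):
        try:
            root = ET.parse(xml_file).getroot()
        except ET.ParseError:
            continue  # skip files that are not well-formed XML
        for server in root.iter("Server"):
            if (server.findtext("Pass") or "").strip():
                findings.append((xml_file.name, server.findtext("Host", ""),
                                 server.findtext("User", "")))
    return findings

def scrub_saved_passwords(config_dir):
    """Delete every <Pass> element in place; return how many were removed."""
    removed = 0
    for xml_file in sorted(Path(config_dir).glob("*.xml")):
        try:
            tree = ET.parse(xml_file)
        except ET.ParseError:
            continue
        hits = [(s, p) for s in tree.getroot().iter("Server") for p in s.findall("Pass")]
        for server, pass_el in hits:
            server.remove(pass_el)
        if hits:  # rewrite only the files that actually changed
            tree.write(xml_file, encoding="utf-8", xml_declaration=True)
            removed += len(hits)
    return removed

# Constructed sample file (hypothetical name and values), not a real configuration.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>ftp.example.com</Host><User>deploy</User><Pass>constructed-secret</Pass></Server>
  <Server><Host>ftp.example.org</Host><User>anon</User></Server>
</Servers></FileZilla3>"""

def demo():
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "sample_sites.xml").write_text(SAMPLE, encoding="utf-8")
        before = find_saved_passwords(d)
        return before, scrub_saved_passwords(d), find_saved_passwords(d)

if __name__ == "__main__":
    print(demo())
```

Point `find_saved_passwords` at one of the folders listed above with FileZilla closed, and treat any password it reports as one to change on the server as well as remove locally.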

