FileZilla saves passwords in plain text, threatens your night's sleep

Filezilla fail (Photo credit: Siim Teller)
Most website developers and designers need a way to upload content to the web server in order to deploy a finished website. Most then use FileZilla, an FTP client that helps you transfer your files to the web server via the FTP protocol.

But FileZilla, fantastic application though it is, has one specific attribute that can, at some point, become crucial to your business.

And that attribute is that it saves your servers, usernames and passwords to a specific folder on your computer. Want more? It also saves the FTP passwords in PLAIN TEXT, so nobody even has to make an effort to decrypt them.

According to an article ( ) and from our own multiple tests on this matter, FileZilla does indeed save your passwords.

There is a way to enable Kiosk Mode for FileZilla, which is said not to save passwords; we did it, but it never worked OK. FileZilla saves your passwords in the folders mentioned below:

Windows XP/2K: “C:\Documents and Settings\username\Application Data\FileZilla”
Windows Vista: “C:\Users\username\AppData\Roaming\FileZilla\”
Linux: “/home/username/.filezilla/”
( from )

And not only does it save your bookmarks' passwords, it also saves the last connected server, password and username.

How did we find out?

We got bitten by a trojan that stole those exposed passwords and affected some websites with iframe code for malware redistribution, which we had to clean up. This password leak came from FileZilla, where we had stored our bookmarks. Stupid, yes, but we did not know then.

So what not to do

If you can, do not use FileZilla; use another FTP client like gFTP (which we researched and which does not save passwords on Linux) or WinSCP. If you must use FileZilla, we'd say go ahead and delete those blocks in the files above whenever you can, to avoid them being stolen, and then God knows...
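
One way to do that clean-up, as an added example that is not part of the original post: the script counts the stored password entries in the XML files of the FileZilla folder and removes them, without ever printing the passwords. It assumes the passwords sit in `<Pass>` elements, as in the constructed sample; `scrub_passwords` and `demo` are hypothetical names.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample. Assumption: saved logins are stored as <Pass> elements
# inside <Server> blocks in the XML files of the FileZilla folder.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>ftp.example.com</Host><User>webadmin</User><Pass>not-a-real-password</Pass></Server>
  <Server><Host>ftp.example.org</Host><User>deploy</User></Server>
</Servers></FileZilla3>"""

def scrub_passwords(config_dir, dry_run=True):
    """Return {file name: stored password count}; delete them unless dry_run."""
    report = {}
    for xml_file in sorted(Path(config_dir).glob("*.xml")):
        try:
            tree = ET.parse(xml_file)
        except ET.ParseError:
            continue  # not well-formed XML: leave the file untouched
        found = 0
        # Snapshot the element list first, so removal cannot disturb the walk.
        for parent in list(tree.iter()):
            for child in list(parent):
                if child.tag == "Pass" and (child.text or "").strip():
                    found += 1
                    if not dry_run:
                        parent.remove(child)
        if found:
            report[xml_file.name] = found
            if not dry_run:
                tree.write(xml_file, encoding="utf-8", xml_declaration=True)
    return report

def demo():
    """Audit, scrub and re-audit a temporary folder holding the sample file."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "bookmarks.xml").write_text(SAMPLE, encoding="utf-8")
        before = scrub_passwords(d, dry_run=True)
        scrub_passwords(d, dry_run=False)
        after = scrub_passwords(d, dry_run=True)
        remaining = Path(d, "bookmarks.xml").read_text(encoding="utf-8")
    return before, after, remaining

if __name__ == "__main__":
    print(demo()[:2])
```

Point it at the folder for your platform from the list above and run it with `dry_run=True` first to see how many passwords are stored.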
