
FileZilla saves passwords in plain text, threatens your night's sleep

Filezilla fail (Photo credit: Siim Teller)
Most website developers and designers need a way to upload content to the web server in order to deploy a finished website. Most then use FileZilla, an FTP client that transfers your files to the web server via the FTP protocol.

But FileZilla, fantastic application though it is, has one specific attribute that can at some point become critical to your business.


And that attribute is that it saves your servers, usernames and passwords to a specific folder on your computer. Want more? It also saves the FTP passwords in PLAIN TEXT, so nobody even has to make an effort to decrypt them.

According to an article ( http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/ ) and from our own multiple tests on this matter, FileZilla does indeed save your passwords.

There is a way to enable Kiosk Mode for FileZilla, which is said not to save passwords; we did it, but it never worked OK. FileZilla saves your passwords in the folders listed below:


Windows XP/2K: "C:\Documents and Settings\username\Application Data\FileZilla"
Windows Vista: "C:\Users\username\AppData\Roaming\FileZilla\"
Linux: "/home/username/.filezilla/"
( from http://unsharptech.com/2008/05/20/filezilla-ftp-passwords-stored-in-plaintext/ )

And not only does it save your bookmarks' passwords, it also saves the last connected server, username and password.

How did we find out?

We got bitten by a trojan that stole those exposed passwords and affected some websites with iframe code for malware redistribution, which we had to clean up. This password leak came from FileZilla, where we had stored our bookmarks. Stupid, yes, but we did not know then.

So what not to do

If you can, do not use FileZilla; use another FTP client like gFTP (which we searched, and which does not save passwords on Linux) or WinSCP. If you must use FileZilla, we'd say go ahead and delete those blocks in the files above whenever you can, to avoid having them stolen and then God knows...
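
One way to carry out the clean-up described above, as an added example that is not part of the original post: a Python script that reports which saved servers still carry a stored password (host and user only) and deletes the `<Pass>` elements. The file names `sitemanager.xml`, `recentservers.xml` and `filezilla.xml` and the `<Server>`/`<Host>`/`<User>`/`<Pass>` layout are assumptions about what the FileZilla folder contains; the sample data is constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed file names inside the FileZilla folder; the page names only the folder.
CONFIG_FILES = ("sitemanager.xml", "recentservers.xml", "filezilla.xml")

# Constructed sample in the assumed shape of a saved-sites file (values are made up).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3><Servers>
  <Server><Host>ftp.example.test</Host><User>deploy</User><Pass>hunter2</Pass></Server>
  <Server><Host>files.example.test</Host><User>anon</User><Pass></Pass></Server>
</Servers></FileZilla3>"""

def scrub_tree(root):
    """Delete every <Pass> element; return (host, user) for each non-empty one."""
    exposed = []
    for parent in list(root.iter()):
        for pw in parent.findall("Pass"):
            if (pw.text or "").strip():
                exposed.append((parent.findtext("Host", ""), parent.findtext("User", "")))
            parent.remove(pw)
    return exposed

def scrub_dir(config_dir, apply=False):
    """Report stored passwords per file; rewrite the files only when apply=True."""
    report = {}
    for name in CONFIG_FILES:
        path = Path(config_dir) / name
        if not path.is_file():
            continue
        tree = ET.parse(str(path))
        exposed = scrub_tree(tree.getroot())
        if exposed:
            report[name] = exposed
            if apply:
                tree.write(str(path), encoding="UTF-8", xml_declaration=True)
    return report

def demo():
    """Run the scrub against the constructed sample in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "sitemanager.xml").write_text(SAMPLE, encoding="utf-8")
        first = scrub_dir(d, apply=True)   # finds and removes the stored password
        second = scrub_dir(d)              # nothing left to report
        return first, second

if __name__ == "__main__":
    print(demo())  # prints host/user pairs only, never the password itself
```

Run `scrub_dir` with `apply=False` first to see what would be removed, and close FileZilla before rewriting its files.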

