I also, as a rule, don't store passwords locally. The single exception to this is FileZilla (Windows install), as it seems to give me no choice in the matter. And since it sends FTP login data to the server in plain text anyway, does it really matter as long as your firewall and anti-malware protection are fully up to date? This is for local protection only, since you can't do a damn thing once you hit the "Connect" button in FileZilla and your login data is out there for everyone to see.

And for these folks who found their sites had been hacked, what OS were they running? If Windows, were they properly protected (firewall? Anti-malware program? Which brand?)

Just thinking out loud there...

Just on the off-chance that this has affected my Windows machine and possibly any blogs I administer via FTP (all on the same host), I did a full anti-malware scan on my Windows partition and thoroughly checked the sites I administer, and everything's clean.

One thing I have to wonder about though. On a Windows (desktop) system, would using Windows "Encrypting File System" (EFS) to encrypt the FileZilla (settings) folder and its .xml files help prevent this type of thing from happening locally?

On 7/24/2009 10:09 AM, Jennifer Hodgdon wrote:
Doesn't anyone besides me think it is a poor security practice to store
FTP credentials on their PC at all? I realize it is a bit inconvenient
at times to have to remember passwords, but if your FTP software is
storing credentials in an unencrypted file, I think it is a HUGE
security risk to let it store your FTP passwords. This also goes for
your browser storing login passwords for your sites.

--Jennifer

Chris Jean wrote:
I did a lot of reading on this subject to ensure that I knew the full
scope of it. It's quite clear to me that the stolen FTP credentials are
definitely the cause of this specific issue:

* Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
* Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53

That said, you are quite right that getting a virus on your local
machine isn't the only problem. It is very important for WordPress users
to be aware that their site can be compromised by poor security
practices on or off their server.

_______________________________________________
wp-testers mailing list
wp-testers@lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
