Re: OT - Web Security Question

2007-01-18 Thread Mark Cassino
Thanks to everyone who offered suggestions. My webhost confirmed that it was a 'brute force' attack that got the password. They said that they have software in place to detect that with the main logins, but are in the process of installing it for FTP. They didn't answer my question about SFTP

Re: OT - Web Security Question

2007-01-18 Thread Sandy Harris
Mark Cassino [EMAIL PROTECTED] wrote: I'm really ticked by the invasion of my site - ... ... It looks like I will need to delete the whole site and re-upload from my local copy to make sure it is truly right. A trick that can be handy, especially if you have several people updating the same

Re: OT - Web Security Question

2007-01-17 Thread Boros Attila
Hello Mark, Wednesday, January 17, 2007, 3:08:01 AM, you wrote: MC Thankfully I'm on the site via FTP almost every day - and sort MC directories by date last modified. That is intended to get me to the MC active directories that I'm working out of, so when an old directory MC showed up at the

Re: OT - Web Security Question

2007-01-17 Thread Mark Cassino
Boros Attila wrote: You should not use FTP for anything but anonymous access to public sites. It sends your username and password in cleartext. Use SFTP, or secure FTP instead. It uses SSH to transfer files, and unlike standard FTP, it encrypts both commands and data. Do not confuse secure

Re[2]: OT - Web Security Question

2007-01-17 Thread Boros Attila
Hello Mark, Wednesday, January 17, 2007, 2:37:28 PM, you wrote: MC Thanks Boros - It looks like I need to find a SFTP client, or maybe use MC the built in file manager (have to check if it is safe.) They are aplenty, the two most popular are: WinSCP http://winscp.net/ which is completely free,

Re: OT - Web Security Question

2007-01-17 Thread Eric Featherstone
On 17/01/07, Mark Cassino [EMAIL PROTECTED] wrote: Boros Attila wrote: You should not use FTP for anything but anonymous access to public sites. It sends your username and password in cleartext. Use SFTP, or secure FTP instead. It uses SSH to transfer files, and unlike standard FTP, it

RE: OT - Web Security Question

2007-01-17 Thread Bob W
As for guessing passwords, I came across this just the other day which shows just how easily many passwords can be guessed: http://www.schneier.com/crypto-gram-0701.html#15 There are some good stories on that page. I particularly enjoyed the one about Walmart and the bomb scare. Bob --

Re: OT - Web Security Question

2007-01-17 Thread Mark Cassino
Boros Attila wrote: They are aplenty, the two most popular are: WinSCP http://winscp.net/ which is completely free, Tunnelier http://www.bitvise.com/tunnelier which is free for personal use since version 3.60. Thanks - I'll look into them. I put in a Trouble Ticket with my Webhost this

Re: OT - Web Security Question

2007-01-17 Thread Mark Roberts
Mark Cassino wrote: I put in a Trouble Ticket with my Webhost this morning asking about how to assure that uploads are secure, but have yet to hear a reply. I'm wondering if it isn't a security hole in your host's web server that is at the root of the problem. They're running Linux and

Re: OT - Web Security Question

2007-01-17 Thread Paul Sorenson
Another free FTP free for personal use client is SmartFTP. http://www.smartftp.com/ It will do secure FTP if recognized by your server and, if you have files on more than one site, allows you to log onto multiple servers and transfer directly from server to server. -P Mark Cassino wrote:

Re: OT - Web Security Question

2007-01-17 Thread Christian
Paul Sorenson wrote: Another free FTP free for personal use client is SmartFTP. http://www.smartftp.com/ It will do secure FTP if recognized by your server and, if you have files on more than one site, allows you to log onto multiple servers and transfer directly from server to server.

OT - Web Security Question

2007-01-16 Thread Mark Cassino
I noticed in the occupations thread that a few folks on this list are computer security professionals. I just had a disturbing experience - I logged into my web page to find a directory full of crap that I didn't put there. (Not to put on airs, but my crap is a notch above free-ringtones.)

Re: OT - Web Security Question

2007-01-16 Thread Doug Franklin
Mark Cassino wrote: So - is that explanation plausible? I find it hard to believe that someone could guess that well and wonder if there was some other breach. Hmmm. To me, that sounds plausible, *if* they have really lax security settings in their network. For example, any decent Intrusion

Re: OT - Web Security Question

2007-01-16 Thread P. J. Alling
If you posted a link to anything on your web space in an HTML web page as FTP-able, I'm pretty sure the user name and password will show up in the connection string. (I don't know if that's true of secure HTML but then again I don't run an FTP site). Mark Cassino wrote: I noticed in the

Re: OT - Web Security Question

2007-01-16 Thread Mark Cassino
Doug Franklin wrote: Or, more insidious, and probably more likely, one or more of your computers might be infected with a key logger. How recent are your anti-virus signatures? When was the last time you did a full system scan? When was the last time you did a spyware scan? Did you use at

Re: OT - Web Security Question

2007-01-16 Thread Adam Maas
Doug Franklin wrote: Mark Cassino wrote: So - is that explanation plausible? I find it hard to believe that someone could guess that well and wonder if there was some other breach. Hmmm. To me, that sounds plausible, *if* they have really lax security settings in their network. For

Re: OT - Web Security Question

2007-01-16 Thread Christian
P. J. Alling wrote: If you posted a link to anything on your web space in an HTML web page as FTP-able, I'm pretty sure the user name and password will show up in the connection string. (I don't know if that's true of secure HTML but then again I don't run an FTP site). Plain vanilla

Re: OT - Web Security Question

2007-01-16 Thread Mark Cassino
P. J. Alling wrote: If you posted a link to anything on your web space in an HTML web page as FTP-able, I'm pretty sure the user name and password will show up in the connection string. (I don't know if that's true of secure HTML but then again I don't run an FTP site). Thanks - I don'