Better still, I have switched to using SFTP logins every time. At least it provides more safety than sending passwords in plain text.

On Sat, Jul 25, 2009 at 1:02 AM, Kirk M <[email protected]> wrote:
> I also, as a rule, don't store passwords locally. The single exception to
> this is FileZilla (Windows install) as it seems to give me no choice in the
> matter. And since it sends FTP login data to the server in plain text anyway
> does it really matter as long as your firewall and anti-malware protection
> is fully up to date? This is for local protection only since you can't do a
> damn thing once you hit the "Connect" button in FileZilla and your login
> data is out there for everyone to see.
>
> And for these folks who found their sites had been hacked, what OS were they
> running? If Windows, were they properly protected (firewall? Anti-malware
> program? Which brand?)
>
> Just thinking out loud there...
>
> Just on the off-chance that this has affected my Windows machine and
> possibly any blogs I administer via FTP (all on the same host) I did a full
> anti-malware scan on my Windows partition and thoroughly checked the sites I
> administer and everything's clean.
>
> One thing I have to wonder about though. On a Windows (desktop) system would
> using Windows "Encrypting File System" (EFS) to encrypt the FileZilla
> (settings) folder and its .xml files help prevent this type of thing from
> happening locally?
>
> On 7/24/2009 10:09 AM, Jennifer Hodgdon wrote:
>>
>> Doesn't anyone besides me think it is a poor security practice to store
>> FTP credentials on their PC at all? I realize it is a bit inconvenient
>> at times to have to remember passwords, but if your FTP software is
>> storing credentials in an unencrypted file, I think it is a HUGE
>> security risk to let it store your FTP passwords. This also goes for
>> your browser storing login passwords for your sites.
>>
>> --Jennifer
>>
>> Chris Jean wrote:
>>>
>>> I did a lot of reading on this subject to ensure that I knew the full
>>> scope of it. It's quite clear to me that the stolen FTP credentials are
>>> definitely the cause of this specific issue:
>>>
>>> * Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
>>> * Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53
>>>
>>> That said, you are quite right that getting a virus on your local
>>> machine isn't the only problem. It is very important for WordPress users
>>> to be aware that their site can be compromised by poor security
>>> practices on or off their server.
>>
> _______________________________________________
> wp-testers mailing list
> [email protected]
> http://lists.automattic.com/mailman/listinfo/wp-testers
