Blog

FTP Password Thieves-Are You the Next Victim

Just read this article a moment ago, and thought I should let you, since it affects webmasters in a big way:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1357912,00.html

There are seven ways to minimize your changes of getting hacked:

a) Use Secure File Transfer Protocol (SFTP) instead of FTP. Normally, this requires SSH access. The downside is that (from what I know) most web hosting companies don’t provide SSH access to their shared hosting customers! However, some do offer jailed SSH, which should be work as well! If you are on a VPS or Dedicated server, you should already have SSH access.

b) Use strong passwords: I use Roboform's password generating tool for this purpose! Usually its default settings work me, but if you need stronger passwords than what the tool offers by default, you can always customize the available options!

c) Keep your PC protected with Firewalls, Antivirus tools, Malware detectors, Anti-Spyware tools, etc. If you are looking for recommendations, here is a good forum thread to get you started:

http://forums.majorgeeks.com/showthread.php?&t=44525

Remember that different security tools work and behave differently on different systems, so it might take a few months of trial and error before you find the "perfect" solution for yourself!

Above all, UPDATE these security tools regularly!

d) Always download software programs from trusted sources, such as:

http://download.com

http://www.tucows.com/

e) As soon as you have downloaded a file, scan it with an antivirus tool to make sure it is not infected, especially if it happens to be an executable program!

f) Stay away from bad sites. If you visit sites that host porn, warez, keygen, etc., you cannot blame anyone but yourself in case you get infected with Trojans and viruses!

g) Avoid downloading files from Peer-to-Peer (P2P) connections: With most P2P networks, the uploaded content is hardly monitored, so your chances downloading a Trojan are very high. Another possibility is that of identity theft. You may be happily downloading some stuff using Limewire, while a couple of thieves are busy stealing your IP address, passwords, or other secret information they can use to harm you in future! Remote attacks are also a possibility!

If you really want to use P2P networks, use a strong P2P firewall and an IP address hiding tool to protect yourself; I am not sure if these security measures would cause you any inconvenience, though! Myself I have avoided P2P networks all my life. I miss out on a lot of goodies because many of them are required to be downloaded from P2P networks, and for heaven's sake, no matter what happens, I would never do that! :D

Here is a helpful article on Peer to Peer networks and how they work:

http://en.wikipedia.org/wiki/Peer-to-peer
 
Also, keep in mind that even if you follow the seven steps above, there is no guarantee that you would be totally protected from FTP password thieves! However, these security measures would certainly minimize the chances of attacks!

I hope this tiny article helped a little! As always, comments are most welcome! Please post your comments below:

4 Comments

  1. Paul Schlegel

    Great heads up. “Beer” sent.

    1. Arindam

      Thanks. I am gonna run to the bar for a sip! ;)

  2. Ken Harthun

    Very nice article, Arindam. As promised, I posted it to Ask the Geek…Ken

    1. Arindam

      Thank you very much Ken. :)

      Arindam