Beware if you are using Filezilla

I love filezilla, but what happened this month will make me to rethink if I need another ftp program. I am using filezilla 3.1.3.1 client on my PC. Suddenly one good day when I tried to access one of my website,Firefox gave warning as "Reported attack page". When you see this type of issue with your webpage your heartbeat increases.It means youe Web server is hacked!!

I have posted my horror story at

Visible Blog: Filezilla Security Issues - Hackers are exploiting it
 
your computer was infected with trojan 'Gumblar' so it happened, the problem doesn't seem to be coming from filezilla itself as i too happen to download its latest version few days back and everything works superb, if you have trojan problem in windows then first buy Original Windows CD not pirated or copied one and when even that doesnt work, just start using linux instead it wont get affected by viruses and trojans as much as windows pc's.
correct me if im wrong!
 
This is wrong to make assumptions without asking first.I am using licensed windows xp with antivirus on it. I do admit that antivirus did fail.But why save password in cleartext.Also, to let you know the server was uploaded files from numerous ip.SO I hope all were infected.Just why not put a gate.
Here are list of IP from where files were uploaded on my server.[see attachment]
Also, windows is installed on 95% of personal computer.SO why open door for hackers on 95% of computer.
 

Attachments

  • ftplog.txt
    10.2 KB · Views: 5
  • ftplog.txt
    10.2 KB · Views: 5

chaudi

Member
Since it's open source it's open season for hackers. I think it is better now, but you right a year or two ago it was spyware.
 

mrchris

New Member
LOL's yeah filezilla is a 'old school' lazy way of getting passwords etc
same as wsftp.
for a laugh do a gaagle for
[dir] parent directory index of /backup

for .Net SQL pwd
[dir] parent directory index of /App_Code
[dir] parent directory index of /App_Data

you can also get the web.config files
 
Similar threads
Thread starter Title Forum Replies Date
Prashant Sharan Konstantinos Zournas : Beware of “Comparable domains sold” at GoDaddy appraisals Resources 0
Prashant Sharan Beware!! : Spammers are sending PayPal invoice for GoDaddy domains Legal Issues and Dispute 0
Prashant Sharan Beware of a new fake android app called “GoDaddy Dashboard : Website, Domain Name, Email” Resources 0
Prashant Sharan Beware while buying a domain-it can come with a penalty! Legal Issues and Dispute 0
JulienJ Beware of fraudulent activity by Pheenix.com The Lounge 0
Jason76 Beware of Cheap PPC Companies Webmaster Forum 0
kriss05 NNCC.in INDRP case decision has been published: 4L.in domain investors beware! Legal Issues and Dispute 12
domainking131 Beware! These are stolen domains Non-Indian Domains 0
domainking131 Beware of the spam emails Non-Indian Domains 0
domainking131 Amazon Beware!! Alibaba is coming!! The Lounge 0
Ceres Beware on April Fool's Day The Lounge 4
V Beware of the beginners mistake. General Indian Domain Name Discussion 12
T Beware if you get this email General Indian Domain Name Discussion 5
Prashant Sharan Google talks about using expired domains for backlinks and SEO Resources 0
Prashant Sharan Morgan Linton talks about big 10 startups who are not are using a .COM New GTLDs 0
Prashant Sharan .Art registry receives patent for using Whois to store artwork information New GTLDs 0
Prashant Sharan Elliot Silver on Google using Google TV domain names Resources 0
Prashant Sharan Elliot Silver on using Dropping. Pro for lead generation Resources 0
Prashant Sharan Elliot Silver: Using contact forms for outbound sales Resources 0
Prashant Sharan ICANN rejects Emily Rose's attempt to overturn an UDRP decision using the Reconsideration process. Registrars 0
Prashant Sharan Alvin Brown on how to search GoDaddy Domain Auctions using the “old” API Resources 0
Prashant Sharan Amazon is branding using .AWS.Will this kickstart a new trend ? New GTLDs 0
Prashant Sharan Konstantinos Zournas saved money using the GoDaddy Discount Domain Club.Let's see how. Registrars 0
Prashant Sharan Morgan Linton on using domain escrow service to scare scammers Resources 0
Prashant Sharan Elliot Silver on downside of using generic keyword for branding Resources 0
Prashant Sharan Domaining Tip: Kassey Lee on using End user research to buy domains Resources 0
Prashant Sharan Podcast Alert !! : Harman Singh on profitable domain investing using digital marketing Resources 0
Prashant Sharan Websites using .ZA ccTLD required to link to SA Coronavirus website Registrars 0
Prashant Sharan Tutorial: Tracking Verisign’s monthly top popular keywords using DomainScope API Resources 0
Prashant Sharan Using 4.cn to see domain sales in China Resources 0
Prashant Sharan The Queen doesn't like Harry using sussexroyal.com Non-Indian Domains 0
Prashant Sharan Vine's successor Byte is using Byte.CO Non-Indian Domains 0
Prashant Sharan Using quantitative methods for domain Investing Resources 0
Prashant Sharan DNW Podcast : Doron Vermaat on using for-sale only domain name landers. Resources 0
Prashant Sharan DNW Tutorial on how to register and purchase a domain using GoDaddy API Resources 0
Prashant Sharan Chris Zuiker warns investors of using "this" domain extension Non-Indian Domains 0
Prashant Sharan Email phishing campaign using legitimate TLD to evade spam filters Resources 0
Prashant Sharan NBCU brings forth “LX”, a new television service – Using LX.com Non-Indian Domains 0
Prashant Sharan Using DAN.com for domain payments Registrars 0
Prashant Sharan Morgan Linton's talk on Using tools to better track domain sales funnel Resources 0
Aubits Indian Brands using Generic Phrases/Keywords - .IN and .CO.IN General Indian Domain Name Discussion 4
Prashant Sharan Some tips on using the Lead Generator tool Resources 0
Prashant Sharan It seems that GoDaddy is using AdWords to Advertise New Extensions Registrars 0
Prashant Sharan Use caution using expired domain name metric Resources 0
Prashant Sharan Target seems to be using Logo “Emoji” for Domain Name Non-Indian Domains 0
Prashant Sharan ICANN is using Playmobil figures to illustrate its multistakeholder model principles! Non-Indian Domains 0
Prashant Sharan An Analysis: Using FB for buying and selling domains profitably? Non-Indian Domains 0
JulienJ Tip for using DomainTools' Domain Search Tool Resources 0
JulienJ Donuts’ .Dating Registry to Benefit from Niche Dating Site Using Trump Politics New GTLDs 0
JulienJ Preventing domain name spoofing and email fraud using DMARC Resources 0

Similar threads

whois



Forums dedicated to Indian domain names, including buying, selling, appraising, developing, and monetizing.

About Us

Threads
27,062
Messages
74,061
Members
7,646
Latest member
samir
Top Bottom