Beware if you are using Filezilla

I love filezilla, but what happened this month will make me to rethink if I need another ftp program. I am using filezilla 3.1.3.1 client on my PC. Suddenly one good day when I tried to access one of my website,Firefox gave warning as "Reported attack page". When you see this type of issue with your webpage your heartbeat increases.It means youe Web server is hacked!!

I have posted my horror story at

Visible Blog: Filezilla Security Issues - Hackers are exploiting it
 
your computer was infected with trojan 'Gumblar' so it happened, the problem doesn't seem to be coming from filezilla itself as i too happen to download its latest version few days back and everything works superb, if you have trojan problem in windows then first buy Original Windows CD not pirated or copied one and when even that doesnt work, just start using linux instead it wont get affected by viruses and trojans as much as windows pc's.
correct me if im wrong!
 
This is wrong to make assumptions without asking first.I am using licensed windows xp with antivirus on it. I do admit that antivirus did fail.But why save password in cleartext.Also, to let you know the server was uploaded files from numerous ip.SO I hope all were infected.Just why not put a gate.
Here are list of IP from where files were uploaded on my server.[see attachment]
Also, windows is installed on 95% of personal computer.SO why open door for hackers on 95% of computer.
 

Attachments

  • ftplog.txt
    10.2 KB · Views: 5
  • ftplog.txt
    10.2 KB · Views: 5

chaudi

Member
Since it's open source it's open season for hackers. I think it is better now, but you right a year or two ago it was spyware.
 

mrchris

New Member
LOL's yeah filezilla is a 'old school' lazy way of getting passwords etc
same as wsftp.
for a laugh do a gaagle for
[dir] parent directory index of /backup

for .Net SQL pwd
[dir] parent directory index of /App_Code
[dir] parent directory index of /App_Data

you can also get the web.config files
 
Similar threads
Thread starter Title Forum Replies Date
Digital Pandit Konstantinos Zournas : Beware of “Comparable domains sold” at GoDaddy appraisals Resources 0
Digital Pandit Beware!! : Spammers are sending PayPal invoice for GoDaddy domains Legal Issues and Dispute 0
Digital Pandit Beware of a new fake android app called “GoDaddy Dashboard : Website, Domain Name, Email” Resources 0
Digital Pandit Beware while buying a domain-it can come with a penalty! Legal Issues and Dispute 0
JulienJ Beware of fraudulent activity by Pheenix.com The Lounge 0
Jason76 Beware of Cheap PPC Companies Webmaster Forum 0
K NNCC.in INDRP case decision has been published: 4L.in domain investors beware! Legal Issues and Dispute 12
domainking131 Beware! These are stolen domains Non-Indian Domains 0
domainking131 Beware of the spam emails Non-Indian Domains 0
domainking131 Amazon Beware!! Alibaba is coming!! The Lounge 0
Ceres Beware on April Fool's Day The Lounge 4
V Beware of the beginners mistake. General Indian Domain Name Discussion 12
T Beware if you get this email General Indian Domain Name Discussion 5
Digital Pandit Using SSAD for Whois queries? Registrars 0
Digital Pandit Amazon started using a hard-won .amazon New GTLDs 0
Digital Pandit There are companies using number-word domains, but be cautious Resources 0
Digital Pandit DNW Podcast: Andrew Rosener on DNS using blockchain technology Resources 0
Digital Pandit Elliot silver on using the ExpiredDomains.net watchlist Resources 0
Digital Pandit Andrew Allemann on using Microsoft Clarity to improve your website Resources 0
Digital Pandit The importance of domains: Amazon is using Amazon.Care for employee benefit New GTLDs 0
Digital Pandit Andrew Allemann shares his experience of using Domain Agents Registrars 0
Digital Pandit Kassey Lee: Using LinkedIn to contact corporate executives in China Resources 0
Digital Pandit Google talks about using expired domains for backlinks and SEO Resources 0
Digital Pandit Morgan Linton talks about big 10 startups who are not are using a .COM New GTLDs 0
Digital Pandit .Art registry receives patent for using Whois to store artwork information New GTLDs 0
Digital Pandit Elliot Silver on Google using Google TV domain names Resources 0
Digital Pandit Elliot Silver on using Dropping. Pro for lead generation Resources 0
Digital Pandit Elliot Silver: Using contact forms for outbound sales Resources 0
Digital Pandit ICANN rejects Emily Rose's attempt to overturn an UDRP decision using the Reconsideration process. Registrars 0
Digital Pandit Alvin Brown on how to search GoDaddy Domain Auctions using the “old” API Resources 0
Digital Pandit Amazon is branding using .AWS.Will this kickstart a new trend ? New GTLDs 0
Digital Pandit Konstantinos Zournas saved money using the GoDaddy Discount Domain Club.Let's see how. Registrars 0
Digital Pandit Morgan Linton on using domain escrow service to scare scammers Resources 0
Digital Pandit Elliot Silver on downside of using generic keyword for branding Resources 0
Digital Pandit Domaining Tip: Kassey Lee on using End user research to buy domains Resources 0
Digital Pandit Podcast Alert !! : Harman Singh on profitable domain investing using digital marketing Resources 0
Digital Pandit Websites using .ZA ccTLD required to link to SA Coronavirus website Registrars 0
Digital Pandit Tutorial: Tracking Verisign’s monthly top popular keywords using DomainScope API Resources 0
Digital Pandit Using 4.cn to see domain sales in China Resources 0
Digital Pandit The Queen doesn't like Harry using sussexroyal.com Non-Indian Domains 0
Digital Pandit Vine's successor Byte is using Byte.CO Non-Indian Domains 0
Digital Pandit Using quantitative methods for domain Investing Resources 0
Digital Pandit DNW Podcast : Doron Vermaat on using for-sale only domain name landers. Resources 0
Digital Pandit DNW Tutorial on how to register and purchase a domain using GoDaddy API Resources 0
Digital Pandit Chris Zuiker warns investors of using "this" domain extension Non-Indian Domains 0
Digital Pandit Email phishing campaign using legitimate TLD to evade spam filters Resources 0
Digital Pandit NBCU brings forth “LX”, a new television service – Using LX.com Non-Indian Domains 0
Digital Pandit Using DAN.com for domain payments Registrars 0
Digital Pandit Morgan Linton's talk on Using tools to better track domain sales funnel Resources 0
Aubits Indian Brands using Generic Phrases/Keywords - .IN and .CO.IN General Indian Domain Name Discussion 4

Similar threads

whois



Forums dedicated to Indian domain names, including buying, selling, appraising, developing, and monetizing.

About Us

Threads
27,898
Messages
74,991
Members
7,703
Latest member
robin1212
Top Bottom