Don’t Use FTP?

Received this email fwd from my pops, I kind of agree, FTP is inherently unsecure, but almost everything support SFTP now, so just use that!

 —–Original Message—–
From:
Sent: Tuesday, September 04, 2007 7:45 AM
To: corvallis-etailing
Subject: Re: Hacker-Virus alert

Hi Steve,

Uyyy… you’ve poked one of my PET PEEVES:

The root cause of this exploit was running ftp
ftp is an inherently RISKY protocol
it is childs play to sniff the passwords from it

No webhoster that hosts serious sites should be listening for FTP
, heck, no one should use FTP for anything in this day and age,
EVER. Lunarpages does not take security very seriously if they
allow even a single client to run ftp. Yes content is your
responsibility, but the carrier for that content is their
responsibility. You did not get hacked via insecure web content,
you got hacked because someone was able (through THEIR
complacency) to modify your web content.

The reason why webhosters do this is money and laziness: There
are applications (e.g. DREAM WEAVER) with built in ftp that are
well entrenched and users do not want to upgrade to the more
secure version or redo their settings. Rather than risk losing
these users the hosters continue to tolerate ftp and take money
from the security challenged, that’s most of them.

There are secure alternatives for uploading your website.
Look into WINSCP or the new DW now has secure protocols available
SFTP or SCP And look into a webhoster that prohibits FTP entirely
for everyone if it is a shared hosting situation. Once a skillful
hacker compromises one account through FTP it is just a matter of
time before they hack a system account, control the box and do
whatever they want. yes even with virtualization.

Prepare to be hacked again unless you get on a FTP-free server
because most likely your server is now on a list of “servers that
run ftp”

Cxxxxxx
(formerly a security analyst at Symantec)

P.S.
Please don’t go through your HTML code and clobber everything
between
“<!– … and –>” or you will lose all your sites’ internal
documentation. Those are the synatx for HTML comments.

On Sep 3, 6:35 pm, ”

> Heads up!
>
> My e-commerce site was hacked into and one or more viruses
planted.
>
> All files with “index” in the file name were corrupted with an
IFRAME
> link put into them. When I went to my site, I got virus and
spyware
> warnings from my PC-cillin.
> They said there was a JS_PSYME.ANT and a EXPL_IFRAMEBO.A virus,
> and a spyware warning with a link to “superengine.cn/1278/ir
>
> The planted IFRAME started & ended with <!— ~ —> so I was
able to
> search out all files with that text in them. It appeared in
only
> index files.
>
> Fortunately, I had a recent enough backup that I was able to
restore
> the files. And I changed the password.
>
> According to my host, LunarPages, “This problem is caused by
your ftp
> credentials being compromised and used to modify your index
files on
> your site.”
>
> They also said:
> The ‘Exploit.HTML.Iframe.FileDownload’ is the report about an
HTML
> formatted document, that contains a code that refers to
Internet
> Explorer IFrame vulnerability.
>
> This vulnerability allows an malicious HTML document, such as
email
> message, to execute automatically when the document is viewed
using
> Internet Explorer.
> It also affects email clients that use Internet Explorer to
view
> HTML formatted email messages,
> such as Outlook and Outlook Express.
>
> Although, Lunarpages takes security very seriously,
> and have technicians monitoring our servers 24/7 we cannot be
> responsible for account content. The security of your content
is the
> customer’s responsibility.
> You should always keep update with the latest exploits and what
> to do with keeping
> your content secure.
>
> You may review more about the IFRAME virus by visiting:
>
> http://www.f-secure.com/v-descs/iframe.shtml
>
> http://secunia.com/virus_information/17177/exploit.html.i…
>
<http://secunia.com/virus_information/17177/exploit.html.iframe.f
> iledownload/>
>
> http://www.viruslist.com/en/viruses/encyclopedia?virusid=
>
<http://www.viruslist.com/en/viruses/encyclopedia?virusid=78107 >
>
> Here are some security tips regarding html and browser security
as
> well.
>
> http://www.cert.org/tech_tips/securing_browser/
>
> http://netsecurity.about.com/cs/compsecurity101/a/aa04200...
>
<http://netsecurity.about.com/cs/compsecurity101/a/aa042003a.htm >
>
> http://www.fas.org/irp/doddir/army/wg2000/part02.htm

%d bloggers like this: