Posted on September 5, 2007
Don’t Use FTP?
Received this email fwd from my pops, I kind of agree, FTP is inherently unsecure, but almost everything supports SFTP now, so just use that!
-----Original Message-----
Sent: Tuesday, September 04, 2007 7:45 AM
Subject: Re: Hacker-Virus alert
Uyyy… you’ve poked one of my PET PEEVES:
The root cause of this exploit was running ftp
ftp is an inherently RISKY protocol
it is child’s play to sniff the passwords from it
No webhoster that hosts serious sites should be listening for FTP,
heck, no one should use FTP for anything in this day and age,
EVER. Lunarpages does not take security very seriously if they
allow even a single client to run ftp. Yes content is your
responsibility, but the carrier for that content is their
responsibility. You did not get hacked via insecure web content,
you got hacked because someone was able (through THEIR
complacency) to modify your web content.
The reason why webhosters do this is money and laziness: There
are applications (e.g. DREAM WEAVER) with built in ftp that are
well entrenched and users do not want to upgrade to the more
secure version or redo their settings. Rather than risk losing
these users the hosters continue to tolerate ftp and take money
from the security challenged, that’s most of them.
There are secure alternatives for uploading your website.
Look into WINSCP or the new DW now has secure protocols available
SFTP or SCP And look into a webhoster that prohibits FTP entirely
for everyone if it is a shared hosting situation. Once a skillful
hacker compromises one account through FTP it is just a matter of
time before they hack a system account, control the box and do
whatever they want. yes even with virtualization.
Prepare to be hacked again unless you get on a FTP-free server
because most likely your server is now on a list of “servers that
(formerly a security analyst at Symantec)
Please don’t go through your HTML code and clobber everything
“<!-- … and -->” or you will lose all your sites’ internal
documentation. Those are the syntax for HTML comments.
On Sep 3, 6:35 pm, ”
> Heads up!
> My e-commerce site was hacked into and one or more viruses
> All files with “index” in the file name were corrupted with an
> link put into them. When I went to my site, I got virus and
> warnings from my PC-cillin.
> They said there was a JS_PSYME.ANT and a EXPL_IFRAMEBO.A virus,
> and a spyware warning with a link to “superengine.cn/1278/ir ”
> The planted IFRAME started & ended with <!-- ~ --> so I was
> search out all files with that text in them. It appeared in
> index files.
> Fortunately, I had a recent enough backup that I was able to
> the files. And I changed the password.
> According to my host, LunarPages, “This problem is caused by
> credentials being compromised and used to modify your index
> your site.”
> They also said:
> The ‘Exploit.HTML.Iframe.FileDownload’ is the report about an
> formatted document, that contains a code that refers to
> Explorer IFrame vulnerability.
> This vulnerability allows a malicious HTML document, such as
> message, to execute automatically when the document is viewed
> Internet Explorer.
> It also affects email clients that use Internet Explorer to
> HTML formatted email messages,
> such as Outlook and Outlook Express.
> Although, Lunarpages takes security very seriously,
> and have technicians monitoring our servers 24/7 we cannot be
> responsible for account content. The security of your content
> customer’s responsibility.
> You should always keep update with the latest exploits and what
> to do with keeping
> your content secure.
> You may review more about the IFRAME virus by visiting:
/viruses/encyclopedia?virusid =78107 >
> Here are some security tips regarding html and browser security
/cs/compsecurity101/a/aa042003a .htm >