Using Filezilla? Be careful of hackers

george3000

Yesterday, some of my autoblogs got hacked. I found my index.php rewritten as a redirect to the hacker's webpage, which is an infected webpage trying to install a trojan.

This is what happened: the account-details (FTP username and password) of the hacked blogs were stored in the memory of the FTP-client I use, which is Filezilla.

I read on forums that Filezilla doesn't encrypt the stored passwords, which makes it easy for hackers to lay their hands on them. Probably I had some trojan on my PC which extracted these account-details and sent them to the hackers.

I know you probably think that I should protect myself against trojans, but lately I hadn't heard any bells or whistles from my antivirus-software, so I didn't know there was something malicious going on under the hood of my computer.

Luckily the hackers only modified the index.php file, so I didn't lose my databases and other stuff. I could easily fix the problem by replacing the index file with the original, but it could have been much worse.

So don't use Filezilla, or at least don't store your passwords in this FTP-client.
 

thefallendevelopment

Haven't heard of this. Thanks for the heads up! I'll look around some to see what I can find about this... maybe there's something that can be done to prevent things like this.
 

chickuzt

Databases, watch out they could have put some injections in there as backdoors. This is so they can get access to your site again once you change the index or whatever back. So I suggest you rollback to an earlier database backup.

What is your site? I am well connected and your DB might be selling on the black market. :(
 

foxler

To tell you the truth, I'm pretty sure they came in through your webhost or website. If your AV software is not telling you that you have any bad stuff on your PC, then it's more likely that there is some vulnerable file either on your own hosting account (old plugins, PHP script) or they got in directly through another person's account (if it's a shared host) and were able to edit your index.php because it was chmodded to 777.

Who's your hosting provider n what plugins are you running?

I've been using Filezilla for a long time now and have never had a problem since I switched. If you think someone went through the trouble of getting in your system to just steal an FTP password, then I think you better be watching for your other email accounts and any other passwords that are stored on your PC (including all ff saved passes) because if they did get the passes from Filezilla (which I doubt they did) then your whole system is vuln to keyloggers, net sniffers, and a lot more right now.
 

tsanko

I use Filezilla and have the same problem, but think it's from hosting.
 

The_Joker

another reminder to all peeps is to back up all ya shit if ya haven't especially on ya server
 

moromete

It's not from Filezilla and not from the hosting. It's a trojan that scans your PC for every FTP account and injects an iframe in every index.php file.
I had the same problem, over 60 websites, but fixed the problem in 1 hour.

I used Bitdefender as antivirus... and it's not good. I tried and bought Kaspersky and it's perfect now.

The trojan gets you when you visit some warez websites. So I got mine...

Use an FTP manager that lets u password protect and encrypt data!
 

dvdcowboy

I use ubuntu linux.
Haven't had any problems since I kicked windows to the curb.
 

The Scarlet Pimp

yep... linux is the way to go if you want to be secure.
other than that, get a mac. hee! hee!
 

proxyprincess

> I use ubuntu linux.
> Haven't had any problems since I kicked windows to the curb.

Same here, I use linux as well.
I also only used flash fxp when I used winblows. If you want a copy just pm and I'll get ya a good one. :)
 

george3000

> Who's your hosting provider n what plugins are you running?

My host for these blogs is one.com (yes I know, worst buy ever for blackhat-purposes, but I'm waiting till my account expires before switching to another host)

I use quite a lot of plugins, but I doubt that would be the problem.

> What is your site? I am well connected and your DB might be selling on the black market. :(

I'm not really concerned about my DB being sold on the blackmarket. It consists mainly of auto-generated content, so I don't worry about that. Thanks anyway.

> It's not from Filezilla and not from the hosting. It's a trojan that scans your PC for every FTP account and injects an iframe in every index.php file.
> I had the same problem, over 60 websites, but fixed the problem in 1 hour.
>
> I used Bitdefender as antivirus... and it's not good. I tried and bought Kaspersky and it's perfect now.
>
> The trojan gets you when you visit some warez websites. So I got mine...
>
> Use an FTP manager that lets u password protect and encrypt data!

Well, that's exactly the same as what I experienced myself. Every index.php file was injected with an iframe. Even the wp-admin/index.php had to be repaired. Thanks for clearing this up. Any idea what the name of that trojan is?

And to those who suggest to use Linux or Mac: I use too many applications that won't run on these OS'es, so that's not an option. But thanks anyway for trying to help.
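
The damage described in this thread (an iframe injected into every index.php, including wp-admin/index.php, plus the point about files chmodded to 777) can be checked on a downloaded copy of a site. The Python below is an added example, not code from any poster; the hidden-frame heuristics, the function names and the constructed sample tree with its placeholder URL are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# Attributes that hide a frame from visitors: 0/1-pixel size or CSS hiding.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?![\w%])"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)

def inspect_file(path):
    """Return the reasons a file needs a manual look (empty list if none)."""
    reasons = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    for match in IFRAME_RE.finditer(text):
        if HIDDEN_RE.search(match.group(1)):
            reasons.append("hidden iframe: " + match.group(0)[:80])
    if os.stat(path).st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def scan_webroot(root, names=("index.php",)):
    """Walk a downloaded copy of the site and report suspicious index files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in names:
                path = os.path.join(dirpath, name)
                reasons = inspect_file(path)
                if reasons:
                    findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample(root):
    """Constructed test tree; the injected URL is a placeholder."""
    clean = '<?php get_header(); ?>\n<iframe width="560" height="315" src="https://video.example/e"></iframe>\n'
    bad = clean + '<iframe src="http://placeholder.invalid/" width=1 height=1 style="visibility: hidden"></iframe>\n'
    tree = {"index.php": (bad, 0o644), "wp-admin/index.php": (bad, 0o644),
            "old/index.php": (clean, 0o777), "clean/index.php": (clean, 0o644)}
    for rel, (body, mode) in tree.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample(demo)
        for rel, why in sorted(scan_webroot(demo).items()):
            print(rel, "->", "; ".join(why))
```

A match only marks a file for manual review; some legitimate themes and plugins use hidden frames, and a visible video embed like the one in the clean sample is not flagged.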
 

jake3340

Reason I always delete strange looking processes when I start my PC.
 

moromete

I forgot the name of the trojan, you can find more about this at blog.unmaskparasites.com/2009/01/14/gogo2me-hidden-iframe-injection/

Use a good antivirus and anti-spyware together; I use a-squared Anti-Malware. Do not rely only on antivirus to detect trojans and spyware. If you download warez... scan it with an antivirus and antispyware, even if your antivirus is set to real-time protection.
Always have an anti-trojan cleaner ready on your computer - Trojan Remover.

That's it... and don't forget to encrypt your FTP stored accounts.

Or... if you want to be 100% protected, use a USB stick with a portable FTP software...
 

Mage

By any chance is your hacker anti-american? I think in my case it was the hosting. Only one hosting account was affected and all the blogs with PR at least 2.
 