  1. #1 Sebby!!! (Internet Website Manager)

    Wordpress Hacks Due to FTP Weaknesses

    Hey Guys,

    In light of all the Wordpress hacks, I've been working with some devs to beef up my security framework.

    I thought I'd share what seems to be the hackers' current strategy:
    • First, they target all internet surfers, because they know that a minority will be webmasters.
    • When someone visits an infected site, malware is served onto their computer.
    • The malware scans for an FTP program, like Filezilla. Few people know this, but your FTP password is actually stored in plain text in an XML document on your computer. It is super easy for the malware to pick it up.
    • Great, now they have access to your entire FTP.
    • They locate WP and inject malware into your site, infecting more people and creating a positive feedback loop.
    • Soon a majority of webmasters are infected.

    So creating stronger passwords won't be of much help here.

    The trick is to remove the password from the XML file. An easy way to do this is to bypass the site manager in Filezilla. That way you input your credentials every time, and they aren't stored anywhere. If you want to use the site manager, use the other password options instead, which prompt the user every time.

    Basically, kill the 1-click connect, because it's the weakest link in your security framework by far. In fact, it's so weak it's almost a joke. Filezilla says it's not their problem, though; it's the OS that should take care of this...

    LOL, anyways, hope this helps. Would love to hear more tips on this if you have any.

    I still haven't been hacked, btw; hopefully it stays that way.

    Seb
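    The post above describes the weak point: the Site Manager writes credentials into an XML file on disk, and the fix is to switch each entry to a logon type that prompts for the password. The following script is an added example (not from this thread or from the FileZilla project): it parses a sitemanager.xml and reports every entry that still carries a stored password, so you can see exactly which sites to fix. The sample XML is constructed for illustration; the <Logontype> code meanings (1 = password stored, 2 = ask for password, 3 = interactive) and the default file locations are assumptions of this example based on FileZilla's usual layout.

```python
"""Audit a FileZilla sitemanager.xml for saved passwords (added example)."""
import os
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample file: one entry with a plain-text password, one with a
# base64-encoded password (an encoding, not encryption, so still recoverable),
# and one entry that prompts for the password on every connect.
SAMPLE_SITEMANAGER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example-a.test</Host>
      <Port>21</Port>
      <Logontype>1</Logontype>
      <User>webmaster</User>
      <Pass>hunter2</Pass>
      <Name>Site A (plain text)</Name>
    </Server>
    <Server>
      <Host>ftp.example-b.test</Host>
      <Port>21</Port>
      <Logontype>1</Logontype>
      <User>admin</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Name>Site B (base64)</Name>
    </Server>
    <Server>
      <Host>ftp.example-c.test</Host>
      <Port>21</Port>
      <Logontype>2</Logontype>
      <User>editor</User>
      <Name>Site C (asks every time)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

# Assumed mapping of FileZilla <Logontype> codes to their meaning.
LOGONTYPE_NAMES = {
    "0": "anonymous",
    "1": "normal (password stored on disk)",
    "2": "ask for password",
    "3": "interactive",
    "4": "account",
}


def audit_sitemanager(xml_text: str) -> list:
    """Return one record per <Server> entry, flagging stored passwords."""
    root = ET.fromstring(xml_text)
    findings = []
    for server in root.iter("Server"):
        pass_el = server.find("Pass")
        stored = pass_el is not None and (pass_el.text or "").strip() != ""
        findings.append({
            "name": server.findtext("Name", default="(unnamed)"),
            "host": server.findtext("Host", default=""),
            "user": server.findtext("User", default=""),
            "logontype": LOGONTYPE_NAMES.get(
                server.findtext("Logontype", default=""), "unknown"),
            "password_stored": stored,
            # "plain" when <Pass> has no encoding attribute (older files)
            "password_encoding": pass_el.get("encoding", "plain") if stored else None,
        })
    return findings


def entries_with_stored_passwords(xml_text: str) -> list:
    """Hosts whose Site Manager entry still has a password saved."""
    return [f["host"] for f in audit_sitemanager(xml_text) if f["password_stored"]]


def locate_sitemanager() -> Path:
    """Best-guess location of the real file on Windows or Linux (assumed paths)."""
    candidates = []
    if os.environ.get("APPDATA"):
        candidates.append(Path(os.environ["APPDATA"]) / "FileZilla" / "sitemanager.xml")
    candidates.append(Path.home() / ".config" / "filezilla" / "sitemanager.xml")
    for path in candidates:
        if path.is_file():
            return path
    return None


def main() -> None:
    path = locate_sitemanager()
    xml_text = path.read_text(encoding="utf-8") if path else SAMPLE_SITEMANAGER_XML
    print(f"Auditing: {path if path else 'constructed sample'}")
    for f in audit_sitemanager(xml_text):
        flag = "STORED PASSWORD" if f["password_stored"] else "ok"
        print(f"[{flag}] {f['name']}: {f['user']}@{f['host']} "
              f"logon={f['logontype']} encoding={f['password_encoding']}")


if __name__ == "__main__":
    main()
```

    Run it with no arguments: if a real sitemanager.xml is found it is audited, otherwise the constructed sample is used. Every entry flagged STORED PASSWORD is one the Site Manager would hand to anything that can read the file; changing its logon type to "Ask for password" (or "Interactive") removes the <Pass> element, which is what the post above recommends.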

  2. #2 Tim (Senior Member)

    Good advice, Seb.

    I remember hearing this about FileZilla a while ago and was quite shocked. I've since removed all passwords from the site manager field. I keep them all in RoboForm safenotes and copy/paste when I need to use FTP. I still store the host and username information though for time saving. Do you think that's safe enough?

    BTW, where is the XML file stored locally? I can't find it.

  3. #3 Sebby!!! (Internet Website Manager)

    Here's an article that covers this from end to end:

    Beware: FileZilla Doesn’t Protect Your Passwords | Unmask Parasites. Blog.

  4. #4 jdwanchalk (Senior Member)

    So if you manually enter your passwords (for FTP with Filezilla) each time, everything should be fine?

  5. #5 Jibninjas (Member)

    Quote Originally Posted by jdwanchalk:
    > So if you manually enter your passwords (for FTP with Filezilla) each time, everything should be fine?

    Not necessarily. It will be better, but still not as secure as you could be. If your computer is infected with a keylogger, they can still steal your passwords.

    If you really want to be as secure as possible, you would use a program like KeePass and store your password there; then, when you need to enter it, you would use their encrypted cut/paste feature.

  6. #6 Sebby!!! (Internet Website Manager)

    Quote Originally Posted by Jibninjas:
    > If you really want to be as secure as possible, you would use a program like KeePass and store your password there; then, when you need to enter it, you would use their encrypted cut/paste feature.

    Cool. Thanks for this.