sFTP for Free accounts

R

rbeede

New Member
Messages
22
Reaction score
2
Points
0
It'd be nice of sFTP (not ssh shells) were enabled for free accounts. You can have only sFTP without allowing an ssh shell too.

If that isn't feasible then FTP with SSL would be a nice alternative.

I've seen botnets with trojans in the wild that are stealing FTP credentials by intercepting the plain text password as it goes across the network. It'd be nice to have some more security.
 
jtwhite

jtwhite

Community Advocate
Community Support
Messages
1,381
Reaction score
30
Points
0
Someone intercepting your password is highly unlikely unless you have allowed a trojan or other malicious software to be installed on your computer.
 
freezing

freezing

New Member
Messages
8
Reaction score
0
Points
0
Personally I'd like to run some tests on an sFTP client I'm developing, having the option to test it on my site here would certainly be useful.
 
leafypiggy

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
1. Jtwhite's correct, shouldn't matter. People honestly don't sit on wifi networks and monitor packet data looking for logins..

2. I'm fairly certain FTP passwords aren't sent in the clear. I believe the data is encrypted..
 
ah-blabla

ah-blabla

New Member
Messages
375
Reaction score
7
Points
0
leafypiggy said:
2. I'm fairly certain FTP passwords aren't sent in the clear. I believe the data is encrypted..
Click to expand...
They are:
http://en.wikipedia.org/wiki/Ftp#Security

I do agree with your first point that sniffing is unlikely (for a home network), albeit possible. If you are however on a proxy, TOR, or otherwise (possibly) unsecure connection, then it is possible, maybe even likely, that this could happen.

I do second the proposal though, since then you can use ftp safely without any concern about what connection you are using.
 
Last edited:
toyowheelin

toyowheelin

Community Advocate
Community Support
Messages
153
Reaction score
5
Points
0
NORMAL FTP has no encryption so unless you are using ssl or sftp everything is clear text.
 
Danielx386

Danielx386

Member
Messages
712
Reaction score
9
Points
18
ah-blabla said:
They are:
http://en.wikipedia.org/wiki/Ftp#Security

I do agree with your first point that sniffing is unlikely (for a home network), albeit possible. If you are however on a proxy, TOR, or otherwise (possibly) unsecure connection, then it is possible, maybe even likely, that this could happen.

I do second the proposal though, since then you can use ftp safely without any concern about what connection you are using.
Click to expand...
That would be the case when I'm at school
 
R

rbeede

New Member
Messages
22
Reaction score
2
Points
0
It happened at my work. Another person's machine was infected and the trojan sniffed the entire network around it looking for passwords.

It found some.

It then used the credentials to upload malware to websites which infected some web pages.

Our company is now moving to a policy of removing all ftp servers and having only sftp.

A few clients complained until we gave them detailed instructions on how to setup an sftp client on their end.

Also from a firewall configuration perspective sftp is easier to setup than ftp.
 
D

dvalin

New Member
Messages
6
Reaction score
0
Points
0
absolutely agree with previously said
SFTP or FTPS access to the hosting is a matter of a third part internet security weather on free accounts or not
 
You must log in or register to reply here.
Top