[quote author=xppman link=topic=4676.msg20700#msg20700 date=1155440518]
Are you suggesting we should all stop FTPing
because of some hackers?
[/quote]Yeah, buddy!
Are you going to answer the questions below?
So are you saying if we use FTP we are somehow in "danger"?
And if so.... who are we in danger against?
Is there a way to configure and FTP program that will make us safe?
[quote author=xppman link=topic=4676.msg20791#msg20791 date=1155593619]
Are you going to answer the questions below?
So are you saying if we use FTP we are somehow in "danger"?
And if so.... who are we in danger against?
Is there a way to configure and FTP program that will make us safe?
[/quote]Sorry.
What I'm saying is FTP is old, pre-hacker technology. It was designed for scientists to exchange information, not for eCommerce purposes.
When you broadcast your login and password in plaintext because you're using FTP, you run the risk of someone intercepting it and having access to your site for whatever suits their purpose. My economy GoDaddy account would not let me use SFTP, for example, so it has to be supported on both ends.
Most FTP software today probably includes the option to use SFTP if you remember to click the button and your web host supports it. You probably also have the option of SSL, SSH, etc. All of those options are acceptable. Maybe you need to follow Regi's advice if you use SSH, but SSH is still much more secure than FTP.
FTP should really only be used for uploading/downloading from public servers. My concern is people have everything they need to do SFTP, but they don't know they have to remember to specify it.
Quote:My concern is people have everything they need to do SFTP, but they don't know they have to remember to specify it.
There's nothing for someone on a shared server to remember or specify. Almost all hosting companies will setup their clients accounts with either FTP or SSH/SFTP - not with both. If your hosting company setup your account to use SSH/SFTP you will not be able to login using FTP, and vice versa. It would be a security risk to open up both port 21 and port 22 for hosting clients.
So is it safe to be using FTP like I am?
Is my loging info and pass safe ?
Are you using WS_FTP Home?
[quote author=xppman link=topic=4676.msg20798#msg20798 date=1155598538]
So is it safe to be using FTP like I am?
Is my loging info and pass safe ?
[/quote]
Yes. 99% of all hacker attacks/data breaches occur when data is being stored on a server, not when it is being transmitted to/from a server. It is extemely rare for hackers to bother trying to intercept transmissions to a server because there is much more to be gained by going after the data sitting on the server. The best thing to do is choose a secure password with a combination of upper and lower case letters and numbers. Since most breaches occur on the server rather than during the transmission of data to/from the server, you are as likely to have your login details compromised with SFTP as you are with FTP because people run automated programs against both the FTP and SFTP ports that attempt to guess passwords/user IDs by generating 1000s of combinations.
Thanks regic for putting that into layman's terms.
I've been using FTP for years and never had a site compromised to my knowledge :
