1

I've been seeing the exact same injected script on several of my websites for the last few weeks. Today I realize these websites don't share the same hosting servers, yet the attacks (1) started at the same time (2) are identical.

Does this prove that my FTP passwords have been stolen (they're all stored in Filezilla XML file on my hard drive), otherwise what else could be the security hole?

Also, is it reasonable to store FTP passwords in a file locally? If not, how should they be stored?

drake035
  • 453
  • 1
  • 4
  • 11

1 Answers1

1

It's also possible that all your websites have a common element (an insecure file upload) that's being targeted. Or someone is snooping on your network (which is why SFTP/SCP is better than FTP) But it's likelier that your passwords have been stolen.

It's generally a bad idea to store sensitive passwords in an unencrypted form on your local machine. Saving passwords is useful, but I personally use it for passwords which I don't care much about. (Even things like Firefox's master password feature can be circumvented by copying the entire user data directory). If you want to store sensitive passwords on your own machine, be sure to keep the machine secure with an antivirus and a strong firewall.

Manishearth
  • 8,237
  • 5
  • 34
  • 56
  • You mentioned SFTP, how about FTP over TLS (http://www.inmotionhosting.com/support/website/file-management/securely-connecting-your-website-using-ftp)? Also, if I choose not to store passwords locally, where is the most common place to store them? – drake035 Mar 19 '13 at 18:14
  • 1
    @drake035: Works as well. The most common place? Your brain. – Manishearth Mar 19 '13 at 18:20