Highest Voted 'ftp' Questions - IT Security Stack Exchange

3

votes

3 answers

Should my webhost show the root filesystem over FTP?

I use a commercial web host, when I log in via regular FTP this is how the directories looks like: It seems strange that I can access system files, I thought I would be limited to access files below my user folder or web root folder (which is…

account-security ftp web-hosting

asked Nov 20 '16 at 08:34

oivind

31
1

3

votes

2 answers

Anonymous FTP Risks

If my IIS 6.0 web server is disabled and the only other service running is FTP, what are the security risks of allowing anonymous FTP read/write, considering that a random person couldn't use any sort of php/asp shell to compromise my system?

ftp

asked Apr 16 '12 at 18:10

Bhubhu Hbuhdbus

405
1
6
13

3

votes

3 answers

Is SFTP vulnerable to brute force, bounce, spoof, sniffing and port stealing?

I have been researching FTP and noted that using FTP means you are vulnerable to these types of attacks. I have been looking for an safer alternative and came across SFTP. Is SFTP still vulnerable to these types of attacks?

attacks ftp sftp

asked Apr 13 '16 at 17:05

Kōdo no musō-ka

315
4
11

3

votes

2 answers

Setting up SFTP at Production Server is a Risk?

There is a requirement to setup a SFTP server. This will be used by some of user b2b agents to upload files. Such kind of setup is always doubtfully risky in production environment where user can upload the malicious content, I am not sure how this…

ftp sftp

asked Apr 11 '16 at 13:01

Shritam Bhowmick

1,602
14
28

3

votes

6 answers

When is it safe to use a web based FTP client?

Is it safe to use a web based FTP client? If so, when? What should I watch out for?

web-application trust ftp client

asked Nov 23 '15 at 13:59

PyRulez

2,937
4
15
29

3

votes

2 answers

Is Sublime plugin FTPSync secure?

I use Firefox plugin FireFTP which stores FTP credentials in encrypted files. Sublime plugin FTPSync seems to store FTP credentials in a regular file. Does that make it unsafe to use?

ftp

asked Nov 10 '15 at 23:10

drake035

453
1
4
11

2

votes

3 answers

Unencrypted FTP to transfer encrypted data - okay if IP-restricted?

If unencrypted FTP over the public internet is the only file transfer option for a particular situation, what security concerns are applicable assuming: The data being transferred is strongly encrypted by whatever / whoever is creating the…

man-in-the-middle ip sniffer ip-spoofing ftp

asked Sep 03 '15 at 21:37

sa289

317
3
11

2

votes

2 answers

Is a server which FTP credentials were kept in a machine with Firefox being used compromised after the latest firefox vulnerability?

Since the vulnerability was specifically targeting FTP passwords in Windows machines there were used with things like Filezilla, can a server which SFTP credentials were kept in a windows machine using Firefox be considered already compromised? If…

vulnerability firefox ftp

asked Aug 12 '15 at 01:47

Sergio Pascarelli

23
2

2

votes

2 answers

Some questions about penetration testing distribution Backtrack 5

I know just the basics of backtrack and I want to ask some questions about it: Can you attack an ftp server using backtrack? an email server? I have a Centos virtual private server and backtrack is on my PC, Can I change the IP-address of backtrack…

attacks webserver email phishing ftp

asked Oct 03 '11 at 17:43

user

123
4

2

votes

2 answers

Who can actually see the password when I accidentally used ftp instead of sftp?

It has been said that if we accidentally use ftp instead of sftp, people can actually see the login name and password in pure text form, and it is very bad. But who can actually see it? Will it be operators at large firms only? Can any hobbyist at…

passwords ftp

asked Nov 26 '14 at 11:03

nonopolarity

141
1
3

2

votes

0 answers

vsftpd metasploit evidence in logs?

We have a public ftp server that is being probed by the usual Chinese brute-force scans. They are probing vsftpd. Notmally a failed login to vsftpd looks like this in syslog: Mar 17 15:56:07 cache0001 vsftpd: ftp_set_login_id - unable to esd_decode:…

metasploit ftp

asked Mar 17 '14 at 23:20

user42189

21
1

2

votes

3 answers

A scammer placed a remote file on a Wordpress website?

A previous developer I have used has got upset and start compromising the files of my website on daily bases (such as changing the index of the site with weird messages, deleting the .htaccess, renaming folders, modifying DB tables). I suspect while…

php mysql ftp wordpress

asked Aug 14 '13 at 09:54

user2681779

21
1

2

votes

0 answers

Hack scenario when a person has a non-superuser shell

Suppose that there are following three machines in the network: Machine A: Microsoft Server 2003 Service Pack 2 FileZilla 0.9.29 beta ftp server (TCP 21) Mcafee ePolicy server (81), remote desktop (3389), another McAfee server stuff (8081), DNS…

penetration-test ssh dns ftp sql-server

asked Sep 21 '12 at 00:31

Dotcom Boom

21
1
2

2

votes

3 answers

What could happen if someone guessed a password to my FTP server?

I've always wondered what could realistically (and maybe theoretically) happen if one of those "always trying to log in with common passwords" remote addresses guessed my password and gained admin access to my FTP server at home. From what I…

ftp

asked Apr 23 '18 at 18:46

user1306322

916
7
15

2

votes

2 answers

Does an unused ftp account pose a security risk?

I'm using BlueHost and have a few websites on my hosting. I decided to stop being lazy and start implementing some better security policies on my own part. Since FTP isn't secure, I changed to SFTP. The odd thing is that BlueHost won't let me delete…

webserver account-security ftp sftp

asked Jun 16 '17 at 23:07

Jacob Henning

199
1
9

Questions tagged [ftp]