Highest Voted 'ftp' Questions - IT Security Stack Exchange

1

vote

1 answer

Is an anonymous FTP user always a risk (even if this user doesn't have access to anything)?

I found some FTP servers in a network that seem to allow login with an anonymous FTP user. I confirmed this with the ftp-anon NSE script in Nmap. PORT STATE SERVICE 21/tcp open ftp |_ftp-anon: Anonymous FTP login allowed (FTP code 230) But…

asked Sep 01 '16 at 11:58

Bob Ortiz

6,234
8
43
90

1

vote

1 answer

Risk in FTP connect

excuse me the question perhaps beginner, but came out a doubt. One person asked me to edit your site, but it was very strange story and did not know this person yet ... When I connect me by filezilla, an unknown certificate warning appeared, and was…

server ftp risk

asked Aug 18 '16 at 03:08

Fábio

11
1

1

vote

2 answers

How does SFTP work? Please help someone

We run a system that automatically sends a swift message at the end of a process. But this messages are sent using FTP. We feel the FTP process is too prone to MITMA and wish to change the sending medium to SFTP. How can this be achieved? Remember…

vpn server file-encryption ftp sftp

asked Jun 24 '16 at 15:58

VINCENT_WALTER

11
2

1

vote

1 answer

Is authorisation of FTP safe against sniffing and vulnerable to man-in-the-middle hijacking?

One of my hosting providers still just offers FTP access to the server... Is authorisation safe (i.e. resistant to network sniffing) despite the content of the transmission is plain text? Is it possible to hijack such a FTP session? When is comes…

ftp sniffing

asked May 16 '16 at 07:29

Grzegorz Wierzowiecki

657
1
6
15

1

vote

1 answer

What is the difference between FTP Brute force with hydra and Metasploit?

What is the difference between FTP Brute force with hydra and and FTP brute force with Metasploit ?

metasploit ftp hydra

asked Oct 23 '15 at 13:33

Tilak Madichetti

252
1
6
16

1

vote

1 answer

WordPress is asking for my FTP password to update. Is this official behavior or am I compromised?

I'm running a personal WordPress server and I have 3 pending updates: WP update from 4.2.2 to 4.3.1. Akismet plugin update to 3.1.5 which addresses XSS issues. Twenty-fifteen theme update. For each of these update types, WP is prompting for my FTP…

passwords wordpress ftp

asked Oct 16 '15 at 22:53

skytreader

263
2
6

0

votes

1 answer

Iframe hack / done through FTP?

On two websites which I host for a friend, I found that there is an iframe at the bottom of each site's index.htm file. This isn't…

windows webserver virus ftp

asked Dec 19 '11 at 21:04

Rush Frisby

350
1
2
11

0

votes

1 answer

What to do against continuous FTP attack

I have a server (windows 2008) and this server uses WebsitePanel to host some websites. I tried to setup Mozilla FTP server, but I cannot get this to work. As I do not use it I do not mind. However by accident I almost immediately noticed that a…

ftp

asked Dec 24 '14 at 22:57

Clemens Linders

1

0

votes

1 answer

Period and direction of risk when connecting to malicious webserver

Please forgive my terminology mishaps. Recently, I tried to connect to a server over SFTP. The SSH public key response differed by 1 byte to what I was expecting, from an info page. I was tempted to go ahead and connect anyway, assuming it must be a…

webserver ssh ftp sftp

asked Sep 26 '14 at 18:20

OJFord

123
6

0

votes

1 answer

Access an ftp server gives me the passwd file though no shadow

I have gain access to a server via ftp which is showing me the passwd file with 2 users via ftp://1.2.3.4/../etc/passwd output is: root:*:0:0:root:: ftp:*:109:117:Anonymous FTP:: As such the shadow file is not available and doesn't give the same…

ftp

asked Mar 17 '14 at 04:31

Ziconius

3
2

0

votes

4 answers

How to secure my website's FTP?

When I opened ftp command prompt and typed open mydomain.com, it gave me the following and I think that this is a security vulnerable. connected to mydomain.com. 220----- Welcome to Pure-FTPd [privsep] [TLS] ----- 220- you are user number 1 of 50…

firewalls webserver known-vulnerabilities ftp security-theater

asked Mar 03 '14 at 18:31

Mina Hafzalla

203
1
5

0

votes

1 answer

vsftp encryption algorithm

I want to configure VSFTP for ftps protocol and it has some choices to select the encryption type: tlsv1, sslv2, sslv3. I read that tls version 1 has some security issues but in the man page it says that tls v1 is preferred. my question is why tls…

encryption tls ftp

asked Nov 10 '13 at 16:00

Hojat Taheri

113
2
8

0

votes

1 answer

Website Link Spam Hacking Protection

I've recently been employed as a junior web and software developer for a small company, and noticed that their Home page has had links to completely unrelated sites added like spam to the index.html which have been hidden (display:none) with…

php spam ftp web-hosting

asked Aug 16 '13 at 09:28

user29601

0

votes

1 answer

Allow read-only access to server-side pages for security review?

This answer: https://security.stackexchange.com/a/37319/10574 Mentions the issue of host-based security. To the end user, the web server is an untrustable black box. Would it provide to needed transparency to make host-based security trustable if…

webserver trust opensource ftp

asked Jun 17 '13 at 14:31

John

2,242
2
28
45

0

votes

2 answers

Keyloggers - Ports used by keyloggers

According to this article, keyloggers usually make use of the FTP ports and email ports: http://rbmikrotik.blogspot.com/2011/07/how-to-block-port-frequently-keylogger.html My question is, can a keylogger software make use of other ports within the…

email monitoring ftp

asked Mar 25 '13 at 21:57

Matthew

621
2
11
18

Questions tagged [ftp]