[MikeDVB]

We've changed some FTP configurations and firewall settings to make sure that FTPES (http://en.wikipedia..../FTPES#Explicit) and FTPS (http://en.wikipedia....i/FTPS#Implicit) function perfectly on our servers and services.

This will allow you to upload/download your files over SSL.

Not many use this and as such this issue wasn't discovered until recently - we've updated all servers to allow this and all new servers provisioned will be configured as such.

If you have any questions, feel free to respond to this thread

[skunkbad]

MikeDVB, on Oct 19 2009, 04:27 PM, said:

We've changed some FTP configurations and firewall settings to make sure that FTPES (http://en.wikipedia..../FTPES#Explicit) and FTPS (http://en.wikipedia....i/FTPS#Implicit) function perfectly on our servers and services.

This will allow you to upload/download your files over SSL.

Not many use this and as such this issue wasn't discovered until recently - we've updated all servers to allow this and all new servers provisioned will be configured as such.

If you have any questions, feel free to respond to this thread

Hey, thanks for making the change. I had a ticket in today regarding this issue.

I started using FTPES after having regular FTP passwords stolen by a virus on my network. We have taken the infected computer offline, but I learned a valuable lesson about using a secure FTP connection, and also that FTP passwords should never be stored in the FTP client.

There are a handful of viruses out there that sniff network traffic and steal FTP logins. The stolen FTP logins are sent to a bot network, and the computers on the network will log in and put in iframes and all kinds of malicious code. If the virus is on your own computer, it will steal the saved passwords you have in your FTP client.

My sites are not that large, but for somebody with a large site, the damage done can be devastating. Most people would probably think that it was a security vulnerability on the host machine, but this is not the case. In my case, it was my mom's computer downstairs.

[MikeDVB]

skunkbad, on Oct 19 2009, 09:19 PM, said:

Hey, thanks for making the change. I had a ticket in today regarding this issue.

No problem - it took us a few moments to discover and resolve for you but in the end I'm very happy with the outcome

skunkbad, on Oct 19 2009, 09:19 PM, said:

I started using FTPES after having regular FTP passwords stolen by a virus on my network. We have taken the infected computer offline, but I learned a valuable lesson about using a secure FTP connection, and also that FTP passwords should never be stored in the FTP client.

Good advice indeed about not storing FTP passwords. Another thing you should do is rotating your password regularly - all of my passwords are rotated on a weekly basis.

skunkbad, on Oct 19 2009, 09:19 PM, said:

My sites are not that large, but for somebody with a large site, the damage done can be devastating. Most people would probably think that it was a security vulnerability on the host machine, but this is not the case. In my case, it was my mom's computer downstairs.

Large or small, the damage can be devastating depending on what exactly the attackers do with your account. In the case of cPanel if they have your FTP information then they also have access to your cPanel unless you set up an alternate FTP account to use (which I personally suggest).