-Sam

So what FTP program do you recommend for Windows?

I would assume you recommend to start using SFTP?

Thanks for the heads up. I’m ditching FileZilla.

(FTP isn’t secure anyway, packet sniffing on wifi networks, many of which are wep, is easy enough. Use SCP if you want security.)

Additionally, you can use the fzdefault.xml file to tell FileZilla not to check for updates, which is usually a nuisance on a public machine anyway.

Read the FileZilla forums and see how their “admin” deals with such queries – quite frankly, the tone of his responses to their users would stop me using FileZilla even without this recent event!

If you don’t want all your ftp account details to land up in the hands of some hacker who will ruin your websites, DON’T USE FILEZILLA – even if your machines are like Fort Knox!

FileZilla’s “admin” response to users caught out in this way – “don’t use Windows”! Sorry?….I’m sure I was using the WINDOWS version of FileZilla? Really, I urge you to read their forums (search for encrypt and/or hacked) and you’ll soon see that FileZilla’s developers are not people whose software you would want to use.

I wish I’d read your original post 10 days ago – it would’ve saved me SO much hassle and a stack of work changing accounts and loading site backups. Thanks for bringing it to others’ attention though! Please, please, please, heed these warnings – however “safe” you believe your machines to be!

Paul

This is a major security risk and should be handled.

IF the user wants to store the password then the application should do its best to protect the user and in this case it means to use reasonable encryption which is not rocket science anymore.

Now anyone can just open the archive and steal your passwords, in fact malware and viruses steal passwords this way.

Shameless omission! being open source is no excuse for laziness.