Saturday 2 April 2011

Using FTP can get you Hacked! Learn from my experience, Use SFTP from now on…



Now you may ask, why this post? Because I faced it! My FTP account was hacked. I don’t know how, but hackers had somehow got access to my FTP account and they were using three of my domains for blackhat SEO and for spreading other malware. Somehow I was spared in that they did not use this blog for any corrupt activities.
My hosting provider (i.e. DreamHost) contacted me after suspicious activity with my FTP account. They noticed that my FTP account had been used from about 130 IP addresses in 17 countries over the last 30 days. Of course, they didn’t expect me to travel to 17 countries in a month, so they mailed me that they suspected some illegitimate activity through some of my domain names.
They asked me to change the password of my account and shift to SFTP (port number 22) instead of FTP (port number 21). I hurriedly changed the password of my account and started using SFTP. Even though the slow speed is pissing me off, it’s better than being hacked!
On further investigation, I came to know that there was no evidence of a server-side hack. FTP passwords were collected by the botnet via malware/viruses installed on user computers. But I am currently using Ubuntu, so how come the botnet was installed on it? I am still puzzled and need to do some research on it now…
Now, how easy is it to hack FTP passwords? It’s pretty easy!
FTP sends passwords unencrypted, so anyone who can see the traffic in transit (say, via a sniffer or any other man-in-the-middle attack) can retrieve your password easily. In contrast, SFTP encrypts the password in transit, so it is difficult for the hacker to retrieve your original password.
It also came to my notice that my FTP login was used by Russia/China-based websites for blackhat SEO and malware distribution purposes by adding their hidden code into all web pages of three of my domains. I immediately disabled those three domains from the control panel as I was not using those for my front-end websites.
The basic script that they inserted into my pages is located at http://kollinsoy.skyefenton.com:8080/Telnet.js. I would not suggest that you visit this link without any antivirus protection, even though Firefox is blocking it, saying that “Malware was found” on this site!
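One way to check pages for this kind of injected code is to list every `<script>` and `<iframe>` that loads from a host you do not recognise. The following is an added example, not code from the original post; the function and class names, the allowlist, and the sample page with its `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ExternalSourceFinder(HTMLParser):
    """Collect <script>/<iframe> src URLs that point at hosts outside an allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # list of (tag, url, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or empty frame: out of scope for this check
        try:
            parts = urlsplit(src)
            host, port = (parts.hostname or "").lower(), parts.port
        except ValueError:
            self.findings.append((tag, src, "malformed URL"))
            return
        if not host or host in self.allowed:
            return  # relative URL or a host the site owner expects
        reason = "unknown host"
        if port not in (None, 80, 443):
            reason += f", non-standard port {port}"
        self.findings.append((tag, src, reason))


def scan_html(html, allowed_hosts):
    """Return findings for one page; allowed_hosts are the hosts you load from on purpose."""
    finder = ExternalSourceFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: two legitimate scripts plus two injected tags.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://www.mysite.example/js/menu.js"></script>
</head><body><p>Hello</p>
<script src="http://injected.example:8080/Telnet.js"></script>
<iframe src="//ads.other.example/frame.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url, reason in scan_html(SAMPLE_PAGE, {"www.mysite.example"}):
        print(f"<{tag}> {url}: {reason}")
```

Run it over every HTML file under the web root after a suspected compromise; it only inspects `src` attributes, so code injected as an inline script body needs a separate review.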
I will write another post if I come to know some more details about this compromise. For the time being, it must be understood that SFTP is far more secure than FTP!
