Looking for Help with FTP Options
Hope you can help me with some pointers about options in FTP uploads.
I've been using in the past Adobe GoLive to upload my files to my server, and more recently Dreamweaver - but I am now discovering that there is a security issue with this method of FTP uploading and I've been recommended to use FileZilla instead as they support FTPS.
Does anyone else have experience with this topic who might be able to shed some light on it?
Hope you can help.
mrgilb posted this at 15:33 — 30th September 2009.
They have: 25 posts
Joined: Sep 2009
ftp runs on port 21
sftp uses putty to connect to sshd server on port 22
greg posted this at 22:57 — 30th September 2009.
He has: 1,581 posts
Joined: Nov 2005
Consider the "chances" that someone is sniffing your data between your network and the server you are transfering to - pretty slim.
So if only basic web files, and your code is secure anyway (or only HTML and CSS) then there is little to worry about.
If you are uploading files that have some sort of security requirement, documents with sensitive/personal data, credit card details etc then yes you should probably be using a secure connection.
For day to day website code I see no real reason.
Greg K posted this at 01:50 — 1st October 2009.
He has: 2,145 posts
Joined: Nov 2003
I agree that for everyday websites, standard FTP should be pretty decent, again, the odds get pretty slim. However, consider that is not just the files you are transferring that are snoopable. It is also the login credentials you use for the FTP, so even if the files you are transferring are not that sensitive, keep in mine ANYTHING that can be accessed by that login.
If you are going do it across an unsecured wireless network, DEFINITELY do secure FTP.
I have my e-mail client on this laptop set to use nothing but secure connections to the mail server for that reason.
Again though, odds are pretty thin for the most part of being "captured"
-Greg
rogenda posted this at 12:10 — 3rd October 2009.
They have: 1 posts
Joined: Oct 2009
Hi Guys is there any html code I can use to disable a clients website after period of time if he is reluctant to pay.
Shaggy posted this at 14:39 — 6th October 2009.
They have: 121 posts
Joined: Dec 2008
I have to disagree with the statement that FTP is good enough for really anything outside your own controlled single user network. Maybe I'm paranoid ( I don't think I am ), but I have never, and would never consider sending user credentials 'into the cloud' in clear text.
There are many clients (including Filezilla mentioned) that make SFTP/SCP just as usable as FTP clients, but do not send passwords, nor file contents in clear text. Security is only as good as your weakest link - and clear text over the wire is weak.
Cheers,
Shaggy.
greg posted this at 00:08 — 8th October 2009.
He has: 1,581 posts
Joined: Nov 2005
I agree totally, but it's still about chances.
With "roughly" 30 to 40 MILLION (+) servers in the world, the chance that someone is analysing packets on your server's port 21 with ill intention is pretty slim.
That's not to say it wont happen to you, and if it does and they have access to your server files, it's going to be a real annoyance - depending on what they do.
But serious hackers tend to go for big sites with users credit cards, thousands of email addresses, use it to serve illegal files etc, and those hackers are "more likely" to use other exploits and vulnerabilities that will give access to server logs so they can leave no trace.
FTP doesn't usually give access to these logs.
That's not to say they wont sniff your data to analyse your activity first, but they likely wont use FTP to do the "deeds".
Small sites rarely get hacked other than from people learning or doing it for the sake of it, as there's nothing there worth hacking for.
So the majority who will get access with FTP by analysing/sniffing are likely going to mess around - delete all files, upload their own site or the usual "This site was hacked by "gxmax-hack-boy".
When you consider that even if you do get compromised, changing passwords, wiping what they did and re-uploading your BACKUP files isn't the end of the world, and importantly it's highly unlikely to happen, then it's not really something that "needs" to be catered for.
I might trip over tomorrow, do I wear a chin protector and leather gloves just in case?
Again, if you have anything personal, sensitive etc, or just want peace of mind that you are a bit more secure, as Shaggy does, then use secure transfer.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.