Secure FTP?

bonusgeek

I'm gonna post this in the new casino affiliates section since I feel like a complete newb asking it after 5 years in the biz lmao.

Anyways my question is, does anyone here use secure ftp when uploading their website files? I recently read that regular ftp shows usernames and passwords in plain text, so I am just curious how other webmasters upload files. I use dreamweaver for all my websites, but I have not been using secure ftp to upload files. How does the savvy webmaster upload his/her files?
 

Engineer

I use Filezilla, and I do use the secure method. It is labeled as "SFTP - SSH File Transfer Protocol."

I used to use the regular non-secure protocol, but Andy suggested I switch to the secure method a couple of years ago, so I did. I never had a problem with the old way (I was never hacked or anything), but I didn't see a disadvantage to switching to the secure method, so I just made the switch and didn't really notice a difference.
 

bonusgeek

Thanks Dave, I've never had a problem doing regular ftp either but I'm with you, if there isn't a downside might as well transfer files as securely as possible.

Maybe you can help me out with one more question. Do I need to set up new ftp accounts to be able to connect via sftp or should my current ftp login work? I tried with dreamweaver and that didn't work but that didn't surprise me. So then I tried sftp using the smartftp client and that didn't work either. So I am trying to figure out what needs to be done by me to be able to use sftp moving forward.
 

Engineer

I am using the same user ID and password as before; the only change that I can see is that the dropdown is set to SFTP instead of regular FTP. I didn't have to set up new accounts; I just changed the setting to SFTP on the existing accounts.

Sorry I don't know why your programs aren't working... Maybe try it with Filezilla instead -- it's free.
 

Guard Dog

The current FTP login will work, you simply change the method of transport to SFTP (SSH/FTP) and it should work (at least it always has for me).

I use WS_FTP for all my file uploading, but I don't see why Dreamweaver should be any different.
 

Daera

I love Filezilla.
 

bonusgeek

Thanks Guys, I couldn't get it working with DW but got it working with filezilla.
 

rak

I use cute ftp pro.. it has sftp using ssh2.

One of the servers I have has been set up so that you have to use SFTP to connect to it. Regular FTP throws you back out.
 

slotplayer

Just an FYI

Has to be enabled for GoDaddy

Under - Hosting Control > Settings Select SSH

To enable SSH, enter your phone number and click Enable. Our hosting operations teams will call you in approximately 10 minutes with a PIN. Entering the PIN below and clicking Verify enables SSH for your account.

After SSH is enabled, you can use the SSH client of your choice to connect to your hosting server securely.
 

bonusgeek

> Just an FYI
>
> Has to be enabled for GoDaddy
>
> Under - Hosting Control > Settings Select SSH
>
> To enable SSH, enter your phone number and click Enable. Our hosting operations teams will call you in approximately 10 minutes with a PIN. Entering the PIN below and clicking Verify enables SSH for your account.
>
> After SSH is enabled, you can use the SSH client of your choice to connect to your hosting server securely.

Good to know, thanks.
 

bonusgeek

> I use cute ftp pro.. it has sftp using ssh2.
>
> One of the servers I have has been set up so that you have to use SFTP to connect to it. Regular FTP throws you back out.

That's interesting Rakesh. I'm gonna check into something like this with my main websites.
 

Aussie-Dave

> I love Filezilla.

So do I but my two VPS's don't. They crack the sh#ts with the multiple connections. I have other sites on shared hosting here in OZ and they're fine.

Keep forgetting to contact support (both VPS's are fully managed) and get them to sort this issue out as Filezilla certainly hammers the files up when running on all cylinders.

As a backup I use Core_FTP...

I don't use Dreamweaver's FTP facility anymore after hearing issues about it being not too secure.


Cheers

Dave
 

Guard Dog

You can force Filezilla to *not* do that ;) Easier than changing FTP clients, IMO.
 

Aussie-Dave

> You can force Filezilla to *not* do that ;) Easier than changing FTP clients, IMO.

Thanks mate :)

I've tried to lessen the number of connections in options but it still causes issues. I've had time out issues with both VPS plans going way back to 07 when I first got them. Something to do with the firewalls. Support fixes the issue. But when they do upgrades they forget to keep the settings and they revert back to generics. Damn frustrating I can tell you.

I'm sick of writing support tickets for this issue. But I'll have to pull the digit out and make sure this time they fix it for good.

Maybe this is what's causing the Filezilla issue.


Cheers

Dave
 

dojo

> Anyways my question is, does anyone here use secure ftp when uploading their website files? I recently read that regular ftp shows usernames and passwords in plain text, so I am just curious how other webmasters upload files. I use dreamweaver for all my websites, but I have not been using secure ftp to upload files. How does the savvy webmaster upload his/her files?

I know this is an old post but I have some relevant info on this that you should know. Saved Filezilla passwords are wide open unfortunately. If your machine gets hacked, your empire is vulnerable.

1. Hit Ctrl+Alt+Del to bring up Task Manager
2. Select File->Run...
3. Type in %appdata% and hit enter
4. Look for a folder called Filezilla and open it
5. Use a text editor to open the file recentservers.xml

I do have a fix* supplied on another forum but I'm unsure about forum rules here for posting code so I'll ask a mod to give me the green light

Paul

*It worked for me!

Backup your target files before making any changes!! :eek:
 

Guard Dog

> I do have a fix* supplied on another forum but I'm unsure about forum rules here for posting code so I'll ask a mod to give me the green light
>
> Paul

Go ahead and post that, Paul! That is good, quality information. I use WS_FTP, so I don't think I have that issue.. but now I am going to do a quick search to verify
 

dojo

Hey Andy, cheers

I don't normally share code between Aff forums however this addresses a security vulnerability that we should all be aware of. Please be clear that after doing this you won't have saved passwords in filezilla - it's a loss of a handy feature but could save a lot of heartache. YMMV

I have used this method and my password files show as empty so it definitely works but be sensible when editing any code - I've no idea if/how this works for mac users, sorry

Thanks to SkolVikings at the other place for sharing this fix

-------------------
1. Close FileZilla if it's running.

2. In Windows Explorer, browse to "%appdata%\FileZilla" (or use the method in my earlier post)

3. Backup the following files - Do not edit any code without a backup, no matter how simple!!

* recentservers.xml
* sitemanager.xml

3.1 Edit those files using a text editor

4. In the recentservers.xml file, delete everything between <RecentServers> and </RecentServers> and save the file.

The contents of the file should now be similar to this:


<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3>
<RecentServers>
</RecentServers>
</FileZilla3>

5. In the sitemanager.xml file, delete everything in-between <Servers> and </Servers> and save the file.

The contents of the file should now be similar to this:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3>
<Servers>
</Servers>
</FileZilla3>

Warning: Removing this information from the sitemanager.xml file will delete all the stored FTP site user/password information. If you don't have a copy of this information anywhere else, you will want to note it down somewhere secure before deleting it from the file - The backups of the original files will do but save them as a text file under a new name like 'grandmas-christmas-card-list.txt' and in a different directory, different machine or flash drive so a hacker can't find them if they do get onto your machine - sensible precautions.

6. Open "C:\Program Files (x86)\FileZilla FTP Client" or "C:\Program Files\FileZilla FTP Client" (depending on your version of Windows)

7. Using the text editor from step #3.1, create a new file named: "fzdefaults.xml"

8. Paste the following XML code as the contents of "fzdefaults.xml" and then save the file:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3>
<Settings>
<Setting name="Kiosk mode">1</Setting>
</Settings>
</FileZilla3>

9. From now on, FileZilla will not store any passwords whatsoever. If you want to setup your sites in the FileZilla Site Manager, in the Logon Type drop-down menu, choose "Ask for password." (But don't worry, you'll get prompted with an error if you pick the wrong setting.)

10. Whenever you connect to a site, it's okay to checkmark "Remember password for this session." That just keeps the password in memory while FileZilla is open. It has nothing to do with saving the passwords in clear text on your hard drive.

Summary: It sounds like a lot of steps, but actually it's really easy. Some will argue that a person shouldn't have to go through all of this to secure an FTP client, and they have a point. I'm not trying to argue that. The point of this post is merely to show you the steps needed to secure FileZilla, if it's the FTP client that you choose to use.

-------------------

HTH

P
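
An added example, not part of the original posts: a Python check you can run after following the steps above, to confirm that recentservers.xml and sitemanager.xml no longer hold saved passwords and that fzdefaults.xml sets "Kiosk mode". The `<Server>`, `<Host>`, `<User>` and `<Pass>` element names are assumptions about the file layout, and the sample hosts and secret are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

CONFIG_FILES = ("recentservers.xml", "sitemanager.xml")  # files named in the steps above

def saved_passwords(config_dir):
    """List (file, host, user) for each <Server> entry with a non-empty <Pass>.
    Assumption: saved sites are <Server> elements with <Host>, <User> and <Pass>
    children. The password is only tested for presence, never returned."""
    findings = []
    for name in CONFIG_FILES:
        path = os.path.join(config_dir, name)
        if not os.path.isfile(path):
            continue
        for server in ET.parse(path).getroot().iter("Server"):
            if (server.findtext("Pass") or "").strip():
                findings.append((name, server.findtext("Host", ""), server.findtext("User", "")))
    return findings

def kiosk_mode_enabled(install_dir):
    """True if fzdefaults.xml in install_dir sets the "Kiosk mode" setting to 1."""
    path = os.path.join(install_dir, "fzdefaults.xml")
    if not os.path.isfile(path):
        return False
    for setting in ET.parse(path).getroot().iter("Setting"):
        if setting.get("name") == "Kiosk mode":
            return (setting.text or "").strip() == "1"
    return False

# Constructed sample files (made-up hosts, placeholder secret) for an offline run.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3><Servers>
<Server><Host>ftp.example.com</Host><User>webmaster</User><Pass>placeholder</Pass></Server>
<Server><Host>sftp.example.net</Host><User>deploy</User><Pass></Pass></Server>
</Servers></FileZilla3>"""
SAMPLE_FZDEFAULTS = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<FileZilla3><Settings><Setting name="Kiosk mode">1</Setting></Settings></FileZilla3>"""

def run_on_samples():
    """Write the constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("sitemanager.xml", SAMPLE_SITEMANAGER), ("fzdefaults.xml", SAMPLE_FZDEFAULTS)):
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return saved_passwords(d), kiosk_mode_enabled(d)

if __name__ == "__main__":
    print(run_on_samples())
```

On a real machine, pass the `%appdata%\FileZilla` folder to `saved_passwords` and the FileZilla install folder from step 6 to `kiosk_mode_enabled`; an empty list and `True` mean the cleanup took effect.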
 