TLS now supported with FTP

Our FTP servers now support TLS/SSL encryption of FTP passwords, adding more security to FTP.

Confusingly, there are a variety of different SSL/TLS encryption schemes for FTP offered by various FTP clients. The one we support is the most widespread, known as “explicit TLS encryption” of the FTP command channel. It’s defined in RFC 4217.

Encryption is supported by many popular FTP clients, including the FileZilla FTP client. (The quickest way to use it in FileZilla is to put ftpes:// in the QuickConnect “Host” box, then accept the “Unknown certificate”.)

Read the rest of this entry »

FTP virus spreading in new ways

An earlier blog post described how several of our customers got their personal computers infected by a new virus that has been spreading across the Internet. Initial versions of the virus spread themselves by reading a Web site’s FTP username and password stored on the PC, then downloading Web pages, inserting an “iframe” tag, and re-uploading the Web pages back to the server. As a proactive measure, we started scanning all uploaded files and stripping out any malicious “iframe” tags.

We are now seeing newer versions (commonly called “Gumblar”) which spread by inserting “script” tags with encoded JavaScript code. Because there are several variations of this approach, and because some legitimate commercial scripts use the same technique to hide their source code, we cannot perfectly identify and strip out these infections. Therefore, we will not automatically strip out the “script” tags from any upload file that looks suspicious.

Read the rest of this entry »

Protection against viruses that steal FTP passwords

Recently, several customers have told us that pages on their Web sites have been modified without their knowledge. Upon investigation, the customers found their computers had been infected with a virus that steals saved FTP passwords, such as the “Gumblar” or Trojan.PWS.Tupai.A virus.

We’ve taken a step to protect you against this problem (described below), but it’s wise to protect yourself, too.

Read the rest of this entry »