FTP Account Access Details Hijacked

stakemaster

It may just be a coincidence, but since I installed version 4.3.5 of WinSCP my cPanel access details have been hijacked and my email accounts have been used for spamming. HostGator support said:
From our experience with malware of this nature, the user account passwords are compromised through viruses/malware located on your local computer. This malware sniffs out passwords used and stored by FTP programs or e-mail clients.
Aren't WinSCP access details secure? I am doing a full virus/malware check but after 8 hours nothing has been found yet. What are the likely culprits for this kind of attack? Could it be a server-side issue? Support changed my access details in the morning but by early evening it had been hijacked again.

Please advise.


NonaSuomy

Sure, anything is plausible. Also, the site you are using cPanel on could have an older version with exploitable holes in it if the webadmin has yet to update the code or enable harder security on it. A lot of websites don't even hash and salt their passwords in the database where they are stored, so the passwords can be seen in plain text or decrypted with easy-to-find pentesting tools. Also, you yourself could have picked an insecure password that was easily brute-forced, or maybe a former employee knew the password, etc., or even a misguided webform you thought was yours that you were logging into was instead a phishing attack.

There are so many variables; you are never safe no matter what you do, just do your best.

Quick Google search brought up this:
<invalid hyperlink removed by admin>

For more information on the terms said above check out the articles below.
Good luck!


consistency

Also keep in mind that a standard FTP server does not use encryption, so every time you enter your username and your password, it is sent unencrypted over the net, quite easy to sniff.

Also, if you connect to your control panel without SSL, like http://..., all the data you send and receive is unencrypted. Always try to connect via SSL, like https://..., then all data is encrypted.

Another security hole is email; nearly every provider sends you the welcome email:
Hello new customer, your panel can be found under https://..., your username is: foo your password is: bar
The email is unencrypted, so everyone who sniffs/gets/accesses the mail can log in to your panel.

After receiving a password via mail you should immediately log in and change the password.

There are a lot more cases where someone can get your password, but I think you get the point, don't you?

Reply with quote
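
The point about plain FTP above, as an added example that is not part of the original thread: a Python check over a client-side FTP session log that flags `USER`/`PASS` commands sent before the server accepted `AUTH TLS` (reply 234, RFC 4217). The `C:`/`S:` log format, the function name and the sample sessions are constructed for illustration, reusing the foo/bar placeholders from the post.

```python
import re

# Constructed client-side session logs (C: client command, S: server reply).
LOGIN = "C: USER foo\nS: 331 need password\nC: PASS bar\nS: 230 logged in\n"
PLAIN_FTP = "S: 220 ready\n" + LOGIN
EXPLICIT_TLS = "S: 220 ready\nC: AUTH TLS\nS: 234 proceed\n" + LOGIN
REFUSED_TLS = "S: 220 ready\nC: AUTH TLS\nS: 502 not implemented\n" + LOGIN

LINE = re.compile(r"^([CS]):\s*(.*)$")


def audit_ftp_log(log: str) -> dict:
    """Report login commands that left the client before TLS was negotiated."""
    tls_active = False    # True once the server answered AUTH with 234
    auth_pending = False  # client sent AUTH, waiting for the reply
    exposed = []          # login commands sent in cleartext (password masked)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, text = m.groups()
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
                auth_pending = True
            elif verb in ("USER", "PASS") and not tls_active:
                exposed.append(f"{verb} {'****' if verb == 'PASS' else arg}")
        else:
            # Only final replies count; "230-" continuation lines are skipped.
            reply = re.match(r"(\d{3})( |$)", text)
            if reply and auth_pending:
                tls_active = reply.group(1) == "234"
                auth_pending = False
    return {"tls": tls_active, "exposed": exposed}


if __name__ == "__main__":
    for name, log in [("plain", PLAIN_FTP), ("explicit TLS", EXPLICIT_TLS),
                      ("TLS refused", REFUSED_TLS)]:
        print(name, audit_ftp_log(log))
```

The "TLS refused" session shows the case a client setting can hide: the client asked for encryption, the server declined, and the login still went out in cleartext.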
