15 Jul 2009

Protect your FTP transfers by using SFTP

Did you know that every time you connect to your ftp site using regular “ftp://” (or not specifying at all), your username and password are fully visible to anyone sniffing around at the right time, which exposes your site to being hacked.

Most reputable hosts these days support secure FTP, and if you’re using an average to good FTP program you can choose to connect using SFTP. Once you do this it will likely trigger a security certificate issue (which you just accept) and you’re on your way to having fully encrypted data transfers. In CuteFTP I simply connect to sftp://yummy-wakame.com instead of ftp://yummy-wakame.com, and it changes the ports and all the settings automatically for me. Depending on your FTP client it may be a little more complicated than this but its definitely worth a try. I now connect to all my clients websites in this way and thought I’d share.

Comments

  • Ms. Wakame
    October 21, 2009 Reply

    You need to contact your web host to notify them that there is a virus on the server so they can scan and clean the virus off. You also should install and run a good virus scanner. I recommend AVG Antivirus Free Edition.

  • Sanjay Kumar
    October 20, 2009 Reply

    I am Sanjay Kumar from India at Delhi. I would like to know how we are protect our FTP Account and how we create external FTP account.

    I don’t know about external FTP account bu my website: http://www.moneyinhands.com is infected during the FTP login, so please suggest me properly which types of steps we do follow to ignore this problem in future.

  • Bob
    August 1, 2009 Reply

    It’s always good to use SSL where available.

  • Mark Frese
    July 16, 2009 Reply

    heheh yeah I just happened to see that facebook post right after looking at the ticket and thought to myself "hey that name looks familiar."

  • Olivia Meiring
    July 16, 2009 Reply

    hahaha! no. please no. its just a facebook coincidence and we'll leave it at that 😛

  • Dan Foley
    July 16, 2009 Reply

    i still can't figure out why cuteftp won't go in sftp mode on my laptop. Desktop is working fine. Even edit plus working fine on my laptop.I suppose every time i send a support email olivia will now get a copy 😉

  • Mark Frese
    July 16, 2009 Reply

    Dan – in fact, it was I who answered your support e-mail last night 😉

  • Dan Foley
    July 16, 2009 Reply

    i suppose it will only happen when the server stop accepting ftp connections. As long as they do software will continue to offer it. Most terminal programs so still offer Telnet, but probably like putty, they default to ssh. i don't know does pair still accept telnet connections? (i can't remember the last time i telnet over.. putty always connects via ssh)

  • Dan Foley
    July 16, 2009 Reply

    probably answers some of my pair support email! It's time that i meet someone over at pair as i'm working with you guys with all my clients.

  • Olivia Meiring
    July 16, 2009 Reply

    Dan, meet Mark – Pair support. Mark has already met you 😛

  • Olivia Meiring
    July 16, 2009 Reply

    yeah. Im surprised that FTP programs dont attempt to connect that time the first time.

  • Mark Frese
    July 15, 2009 Reply

    I'm honestly surprised SFTP hasn't become the standard in the same way SSH has supplanted telnet.

  • Dan Foley
    July 15, 2009 Reply

    yup. That's why cute ftp is great. Just switch the connection type over and it's exactly the same, you don't even notice it.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.