  1. #1
    SitePoint Zealot
    Join Date
    Nov 2007
    Location
    Georgia, USA
    Posts
    51

    how to securely upload/dl files to web host

    Until a month or two ago I had been using FileZilla with regular FTP to upload and download files to the websites I've been building. At the time I had no idea how unsafe FTP is. Only when I tried to back up my server onto my hard drive did I discover that I had viruses (backdoor PHP, and trojan redirect) on my server. Admittedly, they might have resulted from an exploit of insecure PHP code (I'm still getting the hang of PHP, and may still have vulnerabilities there). I suspect that they are resulting from using FTP to ul/dl files with my web host.

    I brought this to the attention of my hosting company, and they suggested I use FTP over explicit TLS. I've been doing that for about a month now, but suddenly I have new viruses on my sites.

    So, assuming for a moment that the viruses are not arriving through a PHP exploit, what method should I be using to safely transfer files to/from my web host (or client's web host) and my PC?

    And if the consensus is that my PHP code is the most likely problem, is there a "PHP file security scanner" type program out there that anyone can recommend? I've been building every type of security I know of into my PHP, but admit I don't have a strong grasp of what is needed and where. An app that points out my vulnerabilities would be great.

  2. #2
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    TLS is as secure as you can get. Thus, it's not from FTP, but rather due to vulnerabilities in the scripts you wrote or the software that you installed.

    PHP backdoors are usually installed through bad include/require statements or through bad file upload handling.

  3. #3
    SitePoint Zealot
    Join Date
    Nov 2007
    Location
    Georgia, USA
    Posts
    51
    Thanks for that info.

    An update: I stated that I downloaded all contents of my web hosting account about a month ago, scanned those contents and found not only Backdoor PHP viruses but also a trojan.JS.Redirector. I removed those from the hosting account immediately. Yesterday, I downloaded the contents of my hosting account again and re-scanned them: No viruses at all! Great, BUT... today when visiting two of my live sites using IE6 I'm seeing those Trojan.Js.Redirector warnings. Only in IE6. How is this possible? And what can I do about it?

    Aside from gaining an understanding of that issue, I'm hoping to get recommendations for a good SAFE vulnerability scanner. A Google search revealed many choices, but I'm kinda paranoid and would like to know that others have safely used one of these before I try it.

  4. #4
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Location
    Everett WA
    Posts
    80
    The warnings are probably due to your site being detected as an issue in the past, and it is not for sure saying it is a problem at this moment. That aside, you really need to find the source of entry to your site that allows people to upload their own hack scripts, otherwise they will do it again and again. You need to close the door.

    FTP is not the problem here. Though it is possible, it is a one-in-a-million chance that a random FTP stream would be intercepted and viruses inserted. You would really have to be traversing a major ghetto of a network to need to worry about that. Scan your logs for weird access patterns and strange POST activity; I am sure you will find which scripts need to be fixed or removed.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com
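
Added example, not part of any post in this thread: one way to do the log scan suggested in post #4, flagging PHP scripts requested from upload/static directories, counting POSTs per script, and spotting URL or `../` values in query parameters (the include/require route named in post #2). The combined log format, the directory names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format is assumed; adjust for your host.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Directories that should only ever serve static files (assumed names).
STATIC_DIRS = ("/uploads/", "/images/", "/cache/", "/tmp/")
# Query values shaped like an include/require target: a remote URL or "../".
INCLUDE_HINT = re.compile(r'=(?:https?|ftp)://|\.\./', re.I)

def scan(lines):
    """Return (findings, posts_per_script) for an iterable of log lines."""
    findings, posts = [], Counter()
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path, _, query = m["url"].partition("?")
        path = unquote(path).lower()
        is_php = path.endswith(".php")
        # A script executing from an upload/static directory is rarely legitimate.
        if is_php and any(d in path for d in STATIC_DIRS):
            findings.append((n, "php-in-static-dir", m["ip"], path))
        # Count POSTs per script so unexpected targets stand out.
        if is_php and m["method"] == "POST":
            posts[path] += 1
        # Parameters carrying URLs or traversal point at include/require misuse.
        if INCLUDE_HINT.search(unquote(query)):
            findings.append((n, "include-style-parameter", m["ip"], path))
    return findings, posts

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE = [
    '203.0.113.5 - - [12/Oct/2008:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [12/Oct/2008:10:01:09 +0000] "POST /contact.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [12/Oct/2008:10:04:40 +0000] "GET /page.php?inc=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.7 - - [12/Oct/2008:10:04:55 +0000] "POST /uploads/img_01.php HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.7 - - [12/Oct/2008:10:05:01 +0000] "POST /uploads/img_01.php HTTP/1.1" 200 17 "-" "-"',
]

if __name__ == "__main__":
    findings, posts = scan(SAMPLE)
    for f in findings:
        print(*f)
    print("POSTs per script:", posts.most_common())
```

Each finding carries the log line number, so the first hit for a given script shows when the entry point was first used and which script to inspect or remove.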

  5. #5
    SitePoint Enthusiast
    Join Date
    Aug 2001
    Location
    California, home of the bear...
    Posts
    54
    Contrary to what people say, using secure SSL/TLS encryption for transferring data isn't actually unsafe in and of itself. That is, the only way someone could see your data (password, login, etc.) from an FTP (or telnet or web) session, is to have super user access on the server you're connecting to. No one can just "listen" for plain text data across the network, they need high level access. If anyone has that sort of access, your site is at risk anyway. Say, someone controls the system you connect to, or its service, or they control the network the server is hosted on. They can do anything and don't need your password, so there's really not a high risk of using plain text for email, FTP, shell, etc., but it's still a good practice anyway.

    The reason why you still want to encrypt even if circumstances are dire, is for things such as even if someone does compromise the server and has that control, or of the network, they won't know your logins, especially if you use them on other sites or for other services online, which you shouldn't use the same passwords anyway. Other reasons are when you run through a proxy for your ISP connection, have it where someone inside or outside of your office can listen on the network (including tools that you can place near a fiber or cable line or phone line), and instances such as your own local WAN/LAN/office where someone could have the ability to listen to the data flowing across the network and pick out useful data.

    Of course, if your local system is compromised and has a key logger, etc., then you're doomed anyway, since it's capturing what you type on your keyboard, not capturing what's sent over the web (though it could, and it would still be unencrypted on your end anyway). There are a few other reasons to use secure methods when possible, and no one is suggesting that it doesn't help regardless, but this doesn't relate. If you have a weak password, if someone brute forced their way into logging into your account, then that would be one of several ways people usually gain access. However, in this case it sounds like the most common method, and that is to exploit vulnerable PHP/CGI scripts.

    You need to ensure you only use secure, patched or well coded scripts, to use them in a secure manner and configuration, and with good permissions set, and never use the same password for a database or script as you do for your Email, FTP, SSH or control panel logins, as if someone exploits your script to view a database configuration file and if you use the same password, then your script has now allowed them the ability to find out your account's main password, allows them to log in via several methods and control your site. Use secure scripts only, and hopefully your host implements methods to prevent other users from reading and accessing files across accounts, and use strong and unique passwords for each script, database and login/service, and you really will immediately combat 99% of all ways people have their accounts compromised.
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    http://www.burlyhost.com/ Shared Hosting, Reseller Hosting, more!
    Industry's most experienced staff! -- Web Hosting With Muscle!

