I don’t know a lot about FileZilla Server except that it’s an FTP server for Windows, which by itself makes it not relevant for us.

Actually that was true only until 2019. At the end of that year I was specifically hired to rewrite the FileZilla Server from scratch and make it portable across multiple platforms. It left its 0.x “beta” and it’s now at version 1.7.2, officially supported on Windows, MacOS and Linux.

Any login system is technically susceptible to brute force attacks. If you just try to login with as many credentials as possible, you’re bound to stumble upon credentials that work at some point. There are ways to mitigate it (like rate limiting), but no system is foolproof.

A buffer overflow on the other hand means that there is actually a bug in the program regarding memory management. Those can be really bad.

FileZilla Server implements various techniques to mitigate brute force attacks, like automatically banning connections from IP addresses that have shown to be malicious and throttling of login attempts if they keep failing.

As for buffer overflows, none has been reported so far. FileZilla Server has undergone thorough scrutiny by the Open Technology Fund’s Red Team Lab, who performed a penetration test and found only minor issues, none of which was a buffer overflow.

Admin, did you rat me out to the developer guy? lol

I get your points that most of the info is about older versions of the server and client. I think that an already compromised computer & their knowledge of FileZilla’s existence on the hacked computer makes FileZilla client or server an easy mark for obtaining credentials… Maybe a simple export of the sites could do the trick. Many of the security deficiencies come from the already hacked computer & FileZilla’s posture that “It’s not our problem, it’s your machine that has been hacked”. I have seen evidence with my own eyes of them downloading files out of FileZilla. They even set up a new site to transfer the files over to an outside IP address. Developer, I’m sure you know there are still many more recent complaints about security and FileZilla, and I have to say with all due respect many of them state that your developer team were rude and flippant when dealing with user complaints. I think anything I have said can be verified with Google searches. So I encourage you to find out for yourself. I’m not here to crap all over FileZilla & I’ve said everything I can on the matter, except… When I personally saw the hack I mentioned earlier and them downloading FileZilla’s files, it made me think it was not for me.
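One way to implement the brute-force mitigation the developer describes above (throttling repeated failed logins from an address and temporarily banning it once it keeps failing), as an added example that is not FileZilla Server’s own code; the thresholds, the in-memory tables and the doubling delay are assumptions chosen for illustration:

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Per-source-IP failed-login tracker: escalating delay, then a temporary ban.

    Assumed policy (not FileZilla's): failures inside `window` seconds count;
    each failure doubles the delay before the next attempt; reaching
    `max_failures` bans the address for `ban_seconds`.
    """
    def __init__(self, max_failures=5, window=300, ban_seconds=900, base_delay=1.0):
        self.max_failures = max_failures
        self.window = window
        self.ban_seconds = ban_seconds
        self.base_delay = base_delay
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> time at which the ban expires

    def _prune(self, ip, now):
        # Drop failures older than the sliding window so stale history does not count.
        q = self.failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def check(self, ip, now=None):
        """Decision before an attempt: ('banned', secs_left), ('delay', secs) or ('ok', 0.0)."""
        now = time.time() if now is None else now
        until = self.banned_until.get(ip)
        if until is not None:
            if now < until:
                return "banned", until - now
            del self.banned_until[ip]         # ban expired: start the address fresh
            self.failures[ip].clear()
        self._prune(ip, now)
        n = len(self.failures[ip])
        if n == 0:
            return "ok", 0.0
        return "delay", self.base_delay * (2 ** (n - 1))   # 1s, 2s, 4s, ...

    def record_failure(self, ip, now=None):
        """Register a failed login; returns True if this failure triggered a ban."""
        now = time.time() if now is None else now
        self._prune(ip, now)
        self.failures[ip].append(now)
        if len(self.failures[ip]) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            return True
        return False

    def record_success(self, ip):
        # A successful login clears the failure history for that address.
        self.failures.pop(ip, None)
```

The timestamps are passed explicitly so the policy can be replayed deterministically against captured login events; a real server would call `check` before authenticating and `record_failure`/`record_success` afterwards.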