[wp-testers] Default.widgets.php Hacked? What to do?

Kirk M kmb42vt at gmail.com
Fri Jul 24 19:32:46 UTC 2009


I also, as a rule, don't store passwords locally. The single 
exception to this is FileZilla (Windows install) as it seems 
to give me no choice in the matter. And since it sends FTP 
login data to the server in plain text anyway does it really 
matter as long as your firewall and anti-malware protection is 
fully up to date? This is for local protection only since you 
can't do a damn thing once you hit the "Connect" button in 
FileZilla and your login data is out there for everyone to see.

And for these folks who found their sites had been hacked, 
what OS were they running? If Windows, were they properly 
protected (firewall? Anti-malware program? Which brand?)

Just thinking out loud there...

Just on the off-chance that this has affected my Windows 
machine and possibly any blogs I administer via FTP (all on 
the same host) I did a full anti-malware scan on my Windows 
partition and thoroughly checked the sites I administer and 
everything's clean.

One thing I have to wonder about though. On a Windows 
(desktop) system would using Windows "Encrypting File System" 
(EFS) to encrypt the FileZilla (settings) folder and its .xml 
files help prevent this type of thing from happening locally?

On 7/24/2009 10:09 AM, Jennifer Hodgdon wrote:
> Doesn't anyone besides me think it is a poor security practice to store
> FTP credentials on their PC at all? I realize it is a bit inconvenient
> at times to have to remember passwords, but if your FTP software is
> storing credentials in an unencrypted file, I think it is a HUGE
> security risk to let it store your FTP passwords. This also goes for
> your browser storing login passwords for your sites.
>
> --Jennifer
>
> Chris Jean wrote:
>> I did a lot of reading on this subject to ensure that I knew the full
>> scope of it. It's quite clear to me that the stolen FTP credentials are
>> definitely the cause of this specific issue:
>>
>> * Malicious “Income” IFrames from .CN Domains http://bit.ly/NgWFA
>> * Hidden CN Iframes Are Still Prevalent http://bit.ly/12uY53
>>
>> That said, you are quite right that getting a virus on your local
>> machine isn't the only problem. It is very important for WordPress users
>> to be aware that their site can be compromised by poor security
>> practices on or off their server.
>

