ozziegt Posted January 16, 2005 Share Posted January 16, 2005 I currently have a free 3 year account with another provider. I have referred 4 people over to you guys for their website. However, my account at my current provider keeps getting hacked. Thankfully they just put in an index.html file and leave everything else alone. I have a pretty secure password there. However, the provider just added SSH support so I use that exclusively for file transfers. If it gets hacked again, I am switching to someone else even though I have 3 years free with them. But I'm reluctant to switch to you guys if you don't offer a secure way of batch transferring files. Is it not a big security risk using FTP? I'm really paranoid now that my account has been hacked at least twice. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted January 16, 2005 Share Posted January 16, 2005 Although there is no secure FTP you can use the File Manager within cPanel over secure https to do your uploads. With a large amoount of content (many pages) this process can be accomplished by first zipping all your files and transfer a single file through the File Manager. Once the file is uploaded you can extract the contents of the zip file using the same File Manager. Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted January 16, 2005 Share Posted January 16, 2005 As for a security risk using regular FTP, I have been using it for almost eight years now and have never had a problem. Is it possible? Yes, but probable, not so much. The few moments I am connected doesnt give a very large window unless someone is already "listening" or my computer is infected. The option above works if you feel you really need the extra security. Quote Link to comment Share on other sites More sharing options...
borfast Posted January 16, 2005 Share Posted January 16, 2005 If your site has been hacked so many times, the following possibilities comes to my mind: 1 - your password is very very weak; I'm assuming it isn't, based on what you say, so let's forget this first point. 2 - Your site has been hacked by someone who found out your password (as opposed to being hacked by someone who exploited a security flaw on the server) and you didn't change it; in this case, it may very well be a strong password but it's worthless. 3 - Your current provider doesn't know jack about security and their servers have more holes than a swiss cheese; if this is the case, I think I'd switch even if they'd offer me free service for life... 4 - Your computer is the one that got hacked by someone who knows you and that's how they got the password for your site. Although I do agree that secure file transfer would be good and would like to have it here on TCH, I know I've been using unsecure FTP for years and I never had any problems. And I even used it for some important sites that suffered some hacking attempts. Zero problems. As Rob pointed out, the few moments you are connected doesn't give a very large window unless someone is already "listening" or my computer (which is very very unlikely, unless point 4 above is true or is someone at your ISP) is infected. So relax and jump on board. Hey, the worst that can happen is that you get hacked again but that wouldn't be worse than what you have now, would it? Quote Link to comment Share on other sites More sharing options...
ozziegt Posted January 16, 2005 Author Share Posted January 16, 2005 If your site has been hacked so many times, the following possibilities comes to my mind: 1 - your password is very very weak; I'm assuming it isn't, based on what you say, so let's forget this first point. 2 - Your site has been hacked by someone who found out your password (as opposed to being hacked by someone who exploited a security flaw on the server) and you didn't change it; in this case, it may very well be a strong password but it's worthless. I changed it every time. 3 - Your current provider doesn't know jack about security and their servers have more holes than a swiss cheese; if this is the case, I think I'd switch even if they'd offer me free service for life... 4 - Your computer is the one that got hacked by someone who knows you and that's how they got the password for your site. I think it might be #3...it definitely wasn't hacked by someone I know. Technically, the only time your password can be snagged with FTP is when you are logging in...after that it isn't sent again. I'm guessing 1and1 doesn't know jack about security or they don't care since I am a free promotional customer. I e-mailed them numerous times without a response. Perhaps I am being paranoid after all. Osman Quote Link to comment Share on other sites More sharing options...
Head Guru Posted January 16, 2005 Share Posted January 16, 2005 No offense towards you or 1&1 but my take is. Is it really a free account when your spending your valuable time reloading the site and posting here about things. Free is free, but this clearly isnt free. When my furnace broke last year the repair man told me it would cost $1100 to fix it. It was 30 years old and needed replacing. So do I throw good money at bad or just bite the bullet and buy a new furnace. Maybe not a good example but goes along the same lines. It is not free if your spinning your wheels. In fact its just plain silly. Bill Quote Link to comment Share on other sites More sharing options...
Deverill Posted January 17, 2005 Share Posted January 17, 2005 Or, to say it another way, "Is it worth $4/month for peace of mind?" I had this situation with my last host. His machines were down more often than not so I had to monitor them myself and worry about them. I've gotten lots of good night's sleep since moving to TCH because these guys have all the gadgets and backup systems that THEY know when it's down and get it going ASAP so I don't have to. For me it's an easy decision. Good hunting for a new host or good luck trying to sleep at night. Quote Link to comment Share on other sites More sharing options...
TCH-Rick Posted January 17, 2005 Share Posted January 17, 2005 I would add a #5 to the possibilities that Raul mentioned, and that is an insecure script being run on your site. Most of the hacks we see are due to weaknesses in a script being run that has not been updated or patched. Quote Link to comment Share on other sites More sharing options...
ztrauq Posted January 21, 2005 Share Posted January 21, 2005 Hmm... while I've had many discussions on the TCH forums about secure file transfer (one of which I belive resulted in the .zip via secure CPanel suggestion), I've been using TCH for a number of years now, without any security problems that I've come across so far. Ironically, I work on a site that's hosted through a different provider that does allow for secure SSH/SFTP transfers, and it was recently hacked due to a message board vulnerability - strangely enough, I had similar boards on my account here, and none of them got hit. While I still think SFTP is the best way to go, I've been using CPanel and FTP here for quite some time, and haven't had any major security issues so far. I would say that there is always some risk to FTP - but I'm not sure how severe the risk is unless you're being directly targeted. I would worry more about keyloggers or spyware on your computer, which SFTP does not protect against. And, for the record, I've been able to use the CPanel workaround with good success so far, without it causing too much inconvenience - and I use FTP for really large bulk uploads, and only as much as I absolutely have to. Quote Link to comment Share on other sites More sharing options...
andreaplanet Posted January 23, 2005 Share Posted January 23, 2005 Actually with totalchoicehosting I (can) use FTP over SSH2 without any particular configuration. I am using securefx http://www.vandyke.com/products/securefx/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.