
Filezilla Errors, Security Weakness


Boojum


I've been using FileZilla 3.9.0.6 to upload files to my site. This worked well until yesterday, when I tried to update my "404" error page (whose URL I apparently cannot display in this post, so I attach a copy of the source file).

 

When I did this, the server returned a parsing error, complaining of an "unexpected" text string in lieu of/before the DOCTYPE declaration.

 

I carefully inspected the source page on my hard drive and found no such string, but as a precaution I copied the DOCTYPE declaration from another page that displayed correctly and uploaded again ... with the same result.

 

After several rounds of failed attempts to repair this problem, I restored the page from backup. Now it displays properly but is out of date.

 

On investigation, I discovered that FileZilla has a known security hole: It transmits passwords in clear text.

 

I now ask the advice of FileZilla experts on the forums.

 

1) Do you have any idea what would cause the parsing error I described, and is there a workaround?

 

2) Is it likely that the security breach explains this error?

 

3) Am I best advised to abandon FileZilla and download another FTP program?

 

4) If so, which one?

Edited by Boojum

1) Do you have any idea what would cause the parsing error I described, and is there a workaround?

My best guess at this would be related to data type, but it can be caused by many things, from firewall/antivirus programs to a bad connection. Try this page for a starting point: https://wiki.filezilla-project.org/Data_Type

 

2) Is it likely that the security breach explains this error?

This is probably the least likely issue, but I wouldn't rule it out. There have been issues over the years of fake/infected copies of FileZilla.

 

3) Am I best advised to abandon FileZilla and download another FTP program?

If you choose to stick with it, review your settings thoroughly and ensure your install came from the official source. Of course, most important but maybe inconvenient: disable the option to store your passwords.

 

4) If so, which one?

I personally use SecureCRT as it fits my daily work needs, but it is a paid program and a huge overkill for average FTP work. Prior to that I was using the free program WinSCP, and as far as I know it stores the passwords in the Windows registry. (I'm assuming you are on Windows.)

Thank you.

 

I did experience some connection problems yesterday thanks to router issues outside my control, so perhaps it was just that.

 

I'll try to update the page again tonight and see if the problem persists.


Lovely.

 

I changed my cPanel password today as a precaution, and now FileZilla returns an authentication failure -- even after I manually updated the password in the program's Site Manager pane.


Attempting to reconfigure FileZilla....

 

On built-in configuration testing, returns error 503. Possible firewall issue; unable to identify.

 

Arrgh.
