Using FTP can get you Hacked! Learn from my experience, Use SFTP from now on…

Now you may ask, why this post? Because I faced it! My FTP account was hacked. I don’t know how, but hackers had somehow got access to my FTP account and they were using three of my domains for BlackHat SEO and for spreading other malware. I was somehow spared, in that they did not use this blog for any corrupt activities.

My hosting provider (i.e. DreamHost) contacted me after suspicious activity with my FTP account. They noticed that my FTP account had been used by about 130 IP addresses from 17 countries over the last 30 days. Of course, they didn’t expect me to travel to 17 countries in a month, so they mailed me that they were suspicious of some illegitimate activity through some of my domain names.
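The kind of check described above (one account, many source addresses in a 30-day window) can be run over login logs. This is an added example, not code from the post or from the hosting provider; the log format, thresholds and sample data are constructed, and distinct /16 networks stand in for countries because no GeoIP database is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed log format (an assumption, not any particular FTP server's):
#   <ISO timestamp> LOGIN user=<account> ip=<address>
LINE = re.compile(r"^(\S+) LOGIN user=(\S+) ip=(\S+)$")

def parse(lines):
    """Yield (timestamp, account, ip) for well-formed login lines; skip the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            yield datetime.fromisoformat(m.group(1)), m.group(2), ip_address(m.group(3))
        except ValueError:
            continue  # unparseable timestamp or address

def suspicious_accounts(lines, now, window_days=30, max_ips=5, max_nets=3):
    """Flag accounts whose logins inside the window came from more than
    max_ips distinct addresses or more than max_nets distinct /16 networks."""
    cutoff = now - timedelta(days=window_days)
    ips, nets = defaultdict(set), defaultdict(set)
    for ts, user, ip in parse(lines):
        if cutoff <= ts <= now:
            ips[user].add(ip)
            nets[user].add(ip_network(f"{ip}/16", strict=False))
    return {
        user: {"distinct_ips": len(ips[user]), "distinct_nets": len(nets[user])}
        for user in ips
        if len(ips[user]) > max_ips or len(nets[user]) > max_nets
    }

def sample_log():
    """Constructed sample: 'owner' logs in from one address, 'shared' from eight networks."""
    lines = [f"2009-06-{d:02d}T09:00:00 LOGIN user=owner ip=192.0.2.10" for d in (1, 8, 15)]
    lines += [f"2009-06-{n + 10:02d}T03:1{n}:00 LOGIN user=shared ip=10.{n}.0.7"
              for n in range(1, 9)]
    lines += ["2009-01-01T00:00:00 LOGIN user=owner ip=198.51.100.1", "garbage line"]
    return lines

if __name__ == "__main__":
    print(suspicious_accounts(sample_log(), now=datetime(2009, 6, 20)))
```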

They asked me to change the password of my account and shift to SFTP (port number 22) instead of FTP (port number 21). I hurriedly changed the password of my account and started using SFTP. Even though the slow speed is pissing me off, it’s better than being hacked!

On further investigation, I came to know that there was no evidence of a server-side hack. FTP passwords were collected by the botnet via malware/viruses installed on user computers. But I am currently using Ubuntu, so how come the botnet was installed on it? I am still puzzled, need to do some research over it now…

Now, how easy is it to hack FTP passwords? It’s pretty easy!

FTP passwords are transferred unencrypted, so anyone who can see the traffic (say, via a sniffer or any other man-in-the-middle attack) can retrieve your password easily. In contrast, SFTP runs over SSH, which encrypts the whole session including the password, so it is difficult for the hacker to retrieve your original password.

It also came to my notice that my FTP login was used by Russia/China-based websites for BlackHat SEO and malware distribution purposes, by adding their hidden code into all web pages of three of my domains. I immediately disabled those three domains from the control panel as I was not using those for my front-end websites.

The basic script that they inserted into my pages is located at I would not suggest you to visit this link without any Antivirus protection, even though Firefox is blocking it saying that “Malware was found” on this site!

I will write another post if I come to know some more details about such a compromise. For the time being, it must be understood that SFTP is far more secure than FTP!

  • Anish K.S @ Technics

    Thanks Rohit for the Alert.

  • Geoff Jackson

    Cheers for the heads up, glad you’ve got it sorted now.

  • Agent Deepak | Blogging, Marketing & Success

    I do not use FTP. It’s not possible to use at college. Neither have I used it at home.

    Anyways thanks for the alert. We need to be alert and increase our security.

  • Denis


    Do you have Wine installed? They say, some trojans can live under Wine.

    There is a more realistic scenario. Did you log into your web sites from third-party Windows computers? This could be at your friends, in an Internet cafe, etc.

  • Rohit Sane

    @Denis: I am not using Wine! And I have not accessed the FTP with any other PC, except for my friend’s..

  • Thomas J. Raef

    While changing to SFTP will prevent the “sniffing” of passwords, on a PC with Windows, the password can still be stolen by a virus.

    The virus knows where many FTP programs (that also support SFTP) store their saved usernames and passwords.

    For instance, FileZilla on a Windows XP PC will have a file:

    C:\Documents and Settings\(Windows user)\Application Data\FileZilla\sitemanager.xml

    That has, in plain text, the address, username and password for each site accessed via FTP/SFTP.

    I think this is where Denis was going with his questioning.

    In order to defend against this, you might do well to use WS_FTP on any Windows PCs that you’ll be using to SFTP files to websites with. It encrypts the saved passwords.
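An added example (not from the post, the commenter or FileZilla) of auditing a site-manager file like the one described above, reporting how each saved password is stored without ever printing it. The XML element names, the `encoding` attribute values and the protocol codes (0 for FTP, 1 for SFTP) are assumptions about the FileZilla 3 layout; the sample is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for FileZilla 3's sitemanager.xml.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>ftp.example.org</Host><Port>21</Port><Protocol>0</Protocol>
    <User>site1</User><Pass>constructed-secret</Pass></Server>
  <Server><Host>sftp.example.org</Host><Port>22</Port><Protocol>1</Protocol>
    <User>site2</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass></Server>
  <Server><Host>sftp.example.net</Host><Port>22</Port><Protocol>1</Protocol>
    <User>site3</User></Server>
</Servers></FileZilla3>"""

# Storage classes that any process able to read the file can recover.
WEAK = {"plaintext", "base64"}

def audit_site_manager(xml_text):
    """Return one finding per saved site; the password value is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            storage = "none"        # nothing saved, prompt at connect time
        elif pw.get("encoding") == "crypt":
            storage = "encrypted"   # assumed marker for master-password protection
        elif pw.get("encoding") == "base64":
            storage = "base64"      # an encoding, not encryption
        else:
            storage = "plaintext"
        findings.append({
            "host": server.findtext("Host", default="?"),
            "cleartext_protocol": server.findtext("Protocol") == "0",
            "password_storage": storage,
        })
    return findings

def needs_action(findings):
    """Hosts whose saved password should be removed from the file and rotated."""
    return [f["host"] for f in findings if f["password_storage"] in WEAK]

if __name__ == "__main__":
    for finding in audit_site_manager(SAMPLE):
        print(finding)
```

Note that the second entry uses SFTP and is still flagged: the transport protects the password on the wire, not at rest on the workstation.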

  • Rohit Sane

    @Thomas: Can you tell me where are SFTP passwords stored on Ubuntu??

  • Melissa

    I had to learn this one the hard way. And on a corporate website too. Thank goodness whoever hacked the site inserted the code wrong, so it ended up just generating errors.

    Hard lesson to learn sometimes, but definitely a mistake that I will never make again!

  • Chandrashekhar

    Thanks for the alert about FTP password hacking. I am also planning to use SFTP.

  • Steve

    hey Rohit,
    I found this post earlier via Google. Thanks for writing it. I discovered a website I have had an “extra” folder with a bunch of junk pages with links. I deleted it, but it wasn’t a good feeling. I think they did it via http://ftp... I’d just like to know how… was it my fault, or my web host’s fault? Anyway, this is a real problem, and it’s a big bummer when you find out it’s been done to you! Steve

  • andkon

    I’m having a problem using SFTP because I only get an “Access Denied” during transfer. And when I tried using FTP only, it works. What could be the problem causing the SFTP error? Is the hosting responsible for this?