My FTP was hacked, what should I do next?

[SpaceBooger]

I use Phpbb (like this site) and Wordpress for most of my sites and just got the following as a trouble ticket from my hosting company:

We regret to inform you that we have found that your FTP password has been compromised. It is likely that it was stolen by a "hacker" (or someone with malicious intent against your account) or a Trojan. This means that your account is now vulnerable to malicious scripts. Your account will be completely cleaned from all known malicious code in the nearest time.

We have changed your FTP passwords to a temporary ones in order to protect your account. You may change them anytime at your hosting control panel. Important: Please do not use the old passwords, as this will only make your account vulnerable again. Please also note that some widespread Trojans have the ability to steal FTP passwords from a user`s local PC`s and send these passwords to hackers (or special bots which were made by hackers). To prevent re-occurrence, please understand that you will need to perform a full anti-viral scan on your local PC (using an in-depth scanner) prior to your next FTP login. We hope that these actions will protect your account from compromise in the future. Thank you for understanding in this matter, and we sincerely apologize for any inconvenience this may cause.

I am running malwarebytes and noticed that avira caught something and quarantined it yesterday... other than changing all my password for sites any other suggestions?

[Hatta]

In the future, avoid FTP at all costs. Passwords are transmitted in plain text, so anyone on your network segment or in between you and your host can read your password easily.


It sounds like what happened here is that your home PC got rooted, and they sniffed the password from there. The only safe thing to do when your machine is compromised is to nuke it and reinstall from clean media. You cannot trust a scan on a compromised OS. Rootkits can and do hide themselves in filesystems and lie to the OS about it.

[SpaceBooger]

In the future, avoid FTP at all costs. Passwords are transmitted in plain text, so anyone on your network segment or in between you and your host can read your password easily.


It sounds like what happened here is that your home PC got rooted, and they sniffed the password from there. The only safe thing to do when your machine is compromised is to nuke it and reinstall from clean media. You cannot trust a scan on a compromised OS. Rootkits can and do hide themselves in filesystems and lie to the OS about it.

Yeah, but I haven't used my FTP (or logged in) in over a month? Do you think all of my passwords are compromised?

[Hatta]

Probably. I wouldn't risk it.

[Ziggy]

In the future, avoid FTP at all costs.

I remember my A+ teacher was going on about how much trouble he use to have with his FTP. He said it wasn't worth using. Seems like people will hack it just for the hell of it. Just because they can.

[SpaceBooger]

From what I understand, there were multiple FTP logins from multiple countries in a short period of time. Thats how they figured out the password was compromised.
So I now have a fresh install of windows 7.

[Xonticus]

So whats the alternative to FTP?

[RCBH928]

i thought ftp was the only way to send files over the internet?
to a host server I mean

[jeffro11]

FTPS (over SSL) Everything is encoded. Many hosts however do not support this...

[RCBH928]

and you can do this ftps using ur regular ftp program?
like cute ftp?