June 13th, 2010, 04:39 PM
FTP taken over by phishing site twice
Any advice on security practive you can give me?
I have twice had my FTP taken over by a Phishing site. I am the only person who knows the password and have not emailed it or shared in anyway.
Can a hacker see a password somehow when I use the FTP? I'm using Fetch on OSX?
I use logmein sometimes to view my computer remotely. Can a hacker use that maybe? I don;t know how this is happening? I'm planning to change hosting provider tomorrow but not sure if that is the leak.
June 13th, 2010, 04:41 PM
Actually yes, FTP is completely unencrypted.
However, the most likely culprit is insecure code on your site. Do you use any server side programming languages to provide dynamic content?
June 13th, 2010, 04:45 PM
Originally Posted by E-Oreo
No code - just a very simple HTML site. Its happend twice within 2 months and not to other FTP logins I have. Just this one in particular. At this moment I'm waiting for a new password as they have changed it. It currently hosts a fake BankofAmerica.com site.