RadioGeorge
asked on
Odd Problem with FTP File Transfer
One of my associates has been uploading files once a week via FTP for the past 5 years from his home office to one of my websites. There's never been a problem of any kind.
Today, as he went through the usual process, an error notice popped up. He was able to ascertain that the FTP program he uses, Filezilla, was denying access because of the username and password he was using.
He's been using the same one for a long time, and it does contain an assortment of letters, numbers, and special characters.
I'm guessing that there may be a variety of possible reasons for this problem, but I'd like to hear from the pros as to what steps I should take to address this.
Today, as he went through the usual process, an error notice popped up. He was able to ascertain that the FTP program he uses, Filezilla, was denying access because of the username and password he was using.
He's been using the same one for a long time, and it does contain an assortment of letters, numbers, and special characters.
I'm guessing that there may be a variety of possible reasons for this problem, but I'd like to hear from the pros as to what steps I should take to address this.
Did the ftp password get changed? It's FTP, so it's sent in plain text and someone could have intercepted it and changed it.
As Serialband said. FTP is not a secure protocol and should not be used over the internet because all credentials and passwords are passed in plain text. Anybody who can intercept the session whether by WiFi packet eavesdropping, tap or MITM can take control of that account. FTP should never, never, never be used on a public connection such as public WiFi.
SFTP is a better choice. Microsoft provides a command-line SFTP client called PSFTP, and many terminal emulators also support SFTP.
Regarding the password:
He's been using the same one for a long time
That's ... um ... less than good practice. It should be changed at least twice a year, quarterly is better, and generated randomly.
SFTP is a better choice. Microsoft provides a command-line SFTP client called PSFTP, and many terminal emulators also support SFTP.
Regarding the password:
He's been using the same one for a long time
That's ... um ... less than good practice. It should be changed at least twice a year, quarterly is better, and generated randomly.
If you're using FTP + the FTP password changed + you didn't change it...
Likely, per comments above, you've been hacked.
Running FTP is a guaranteed way to be hacked very quickly, especially if you're running WiFi.
If you're lucky only FTP has been hacked.
If you're unlucky, hopefully you have your backups handy.
Likely, per comments above, you've been hacked.
Running FTP is a guaranteed way to be hacked very quickly, especially if you're running WiFi.
If you're lucky only FTP has been hacked.
If you're unlucky, hopefully you have your backups handy.
log on to FTP server and reset the password ...
may be password policy applied... ?
check once
all the best
may be password policy applied... ?
check once
all the best
ASKER
UPDATE 9/15/2019
First, thanks to all who responded. I called tech support at my website host (HostMonster) this morning and spoke with a tech who actually had a Filezilla account available to him for test use. He tried the username/password that did not work for my associate, and it worked for him without any problem!
He then went on to say that the IP address changed awhile back and HostMonster is making that changeover for all of its accounts, but had not done so for all of them. I have the new I.P. address and have passed it along to my associate to implement. That will be done in a few hours and I will post an update here after we see if that solves the problem for your information.
First, thanks to all who responded. I called tech support at my website host (HostMonster) this morning and spoke with a tech who actually had a Filezilla account available to him for test use. He tried the username/password that did not work for my associate, and it worked for him without any problem!
He then went on to say that the IP address changed awhile back and HostMonster is making that changeover for all of its accounts, but had not done so for all of them. I have the new I.P. address and have passed it along to my associate to implement. That will be done in a few hours and I will post an update here after we see if that solves the problem for your information.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.