It saddens me quite a bit to have to write it, but, as a webmaster, I think I have to give this advice: if you too use Filezilla, this is a WRONG choice.
Give up on it, and find an alternative.
In short: Filezilla = MASSIVE security hole.
I explain in more detail below.
Quite simply, Filezilla stores your usernames and passwords in plain text in an unprotected file, for both FTP and SFTP.
No master password, no obfuscation, no salt, no database storage, no – nothing.
On Windows 7, this is in c:\users\username\AppData\Roaming\FileZilla\sitemanager.xml
Uninstall the program, and the text file will still be sitting there.
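To check your own exposure, here is an added example (not from the original post, and not FileZilla's code) that parses a sitemanager.xml and lists which site entries have a stored password, without ever printing the secrets. The protocol codes, the Linux path, and the base64 `encoding` attribute that newer builds write are assumptions about the file layout, not claims from this post.

```python
import os
import xml.etree.ElementTree as ET
# Site manager protocol codes: 0 = FTP, 1 = SFTP (assumed); anything else -> "other".
PROTOCOLS = {"0": "FTP", "1": "SFTP"}

# Constructed sample in the sitemanager.xml layout: plain password, base64-tagged password
# (assumed layout of newer builds; base64 is encoding, not encryption), and no password.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server><Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>alice</User><Pass>plaintext-secret</Pass><Name>Shop FTP</Name></Server>
    <Server><Host>shell.example.net</Host><Port>22</Port><Protocol>1</Protocol>
      <User>root</User><Pass encoding="base64">cm9vdC1zZWNyZXQ=</Pass><Name>Prod box</Name></Server>
    <Server><Host>files.example.org</Host><Port>22</Port><Protocol>1</Protocol>
      <User>bob</User><Logontype>2</Logontype><Name>Ask each time</Name></Server>
  </Servers>
</FileZilla3>"""

def candidate_paths():
    """Usual locations of sitemanager.xml (Windows %APPDATA%, Linux ~/.config; assumed)."""
    paths = [os.path.expanduser("~/.config/filezilla/sitemanager.xml")]
    if os.environ.get("APPDATA"):
        paths.insert(0, os.path.join(os.environ["APPDATA"], "FileZilla", "sitemanager.xml"))
    return [p for p in paths if os.path.isfile(p)]

def audit_sitemanager(xml_text):
    """One finding per <Server>: reports whether a password is stored, never its value."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pass_el = server.find("Pass")
        findings.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "user": (server.findtext("User") or "").strip(),
            "protocol": PROTOCOLS.get((server.findtext("Protocol") or "").strip(), "other"),
            # any non-empty <Pass>, base64-tagged or not, is readable by whoever reads the file
            "password_stored": pass_el is not None and bool((pass_el.text or "").strip()),
        })
    return findings

def exposed_accounts(findings):
    """Accounts whose credentials sit on disk, as 'user@host (protocol)' strings."""
    return [f"{f['user']}@{f['host']} ({f['protocol']})" for f in findings if f["password_stored"]]

if __name__ == "__main__":
    for path in candidate_paths():
        with open(path, encoding="utf-8") as fh:
            print(path, "->", exposed_accounts(audit_sitemanager(fh.read())))
```

Run it on a machine where FileZilla was ever installed; every line it prints is an account whose password anyone with read access to that file already has.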
This was SO incredible that, when I found out, I was shocked. To me, it was “evidently obvious” this would be protected.
Look, would you forgive your internet browser (Firefox, Chrome, IE, Opera, Safari…) or your email client (Thunderbird, Outlook Express…) if they were storing your passwords in plain, exploitable text? Not even “would you forgive”: could you forgive?
And yet, the developers of Filezilla have made the immovable choice to keep the passwords in the clear, available to anyone (see a discussion in which all sound pleas were rejected). Their argument is quite simple: protecting passwords is the user’s responsibility, and if you’re an elite, experienced professional with full control and full knowledge, you don’t risk anything.
And if we’re not that perfect professional, but just a random person?
You have no right to screw up. At all.
Nothing is done at all to reduce the amount of harm you’re exposed to if you screw up: fuck you, lame newb with human defects.
So, the day you’re fucked because someone managed to access your machine (remotely, or a roommate who carelessly downloads suspicious pornmovie.exe files while you forgot to log off before leaving, or… anything; simply discovering that some unidentified spyware has contaminated your machine is enough), then, as an added bonus, «merry surprise motherfucker!», all your sites are compromised as well: they could have been accessed behind your back.
If your FTP account is copied, anyone can upload/edit/delete/download files to your server.
If this is an SFTP account, then the person who copied your plain text username and password is now root on your server, full admin, and your machine can become another zombie, distribute CP, spam the world, serve to copy commercial/banking data, serve websites you had no idea it was serving, or any other sicker shit.
There would be two solutions:
– still use Filezilla but
> NOT allow the program to remember any password (impossible for me, I have passwords that are a pain to type and practically impossible to remember)
> Use a third-party program like KeePass to securely store your passwords, and copy-paste them from KeePass into the connection dialog in Filezilla (still a pain in the ass; lots of time would be lost having to copy-paste the credentials every time)
– give up on this genius program ruined by ayatollah-like elitist security opinions, and opt for other programs that protect your credentials, like WinSCP or BitKinex. (Sorry, no idea for Macs and Unix/Linux machines; you may leave comments with recommendations if you like.)