Getting Your FTP Passwords Scraped

by admin on February 23, 2010

Over the weekend, my ftp client was scraped by a Chinese trojan for access to my web sites. This was a pretty good trick as I wasn't on the computer the whole weekend because of the Olympics. Now I had passwords stored on the family computer in the kitchen which wasn't the smartest thing to do but hey, who knew?

Sunday night I was on the phone with my business partner and he was all of a sudden, "Hey, what's up, the website is down!" So I get on the phone and check with the hosting provider and every web site I own (or have access to) is getting knocked out.

So yeah, that's when I learn that there are Chinese trojans that scrape your PC looking for ftp clients like pureftp, coreftp, etc., and if you store your passwords on them, they scrape 'em.

Then, once they get a hold of your passwords, they ftp into your account and download the virus that gets triggered if you use php in your website (and pretty much everybody on Linux runs php on their web servers).

All yesterday, I was writing up tickets for web host support, trying to get all my web sites restored from backups. The clients' sites got up first, with this blog not getting restored until early evening. So now you know why I was down yesterday.

So how do people know the Trojan is from China? Well, the servers that load the virus (you can track the IP addresses in Apache logs) originate from China. Maybe in a few years, they will get as sophisticated as the Russians, who first write Trojans to get PCs (outside their native country) acting as 'bots for them.

I do know that the Chinese trojans are really annoying a lot of guys trying to make some coin on the internet. I've seen (and used) block lists of Chinese IP addresses, which basically deny access to your website to any computer that originates from China. That's how much of a pain these Chinese scrapers have become.

In the meantime, I have been resetting passwords on all my websites and making sure to NOT store them anywhere on the computer. Fun, fun, fun.
