There are a lot of hackers sniffing FTP network traffic lately.
Since FTP transmits usernames and passwords in plain text over the network, hackers are able to sniff (discover/steal) your clients' usernames and passwords and store them in databases. They can then simply FTP into your users' accounts, using mass FTP bots to modify thousands of webpages worldwide.
The best and only solution we found was to force SECURE FTP; in our case we chose FTPES (explicit secure FTP). This means all FTP data is then transmitted over networks in encrypted format. That way hackers can't sniff your clients' usernames and passwords.
PureFTP can be set up in WHM to ONLY ALLOW secure FTP connections. This is what we have done; now our users can only connect via FTPES (secure FTP).
FileZilla and FireFTP are both FREE FTP clients and both support FTPES (FTP TLS); many more free FTP clients will include support for secure FTPES soon too.
I want to get this message out because this is one of the biggest security threats on the internet atm. Everyone should make their FTP server accept secure FTP connections only. As soon as we switched all our servers over to ONLY FTPES, all hacking activity completely stopped.
Last edited by bjdea1; 06-25-2009 at 10:49 AM.
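An added example, not part of the original post: a Python check an administrator can run against their own server after switching to FTPES-only, to confirm it refuses a login that starts without TLS. It goes slightly beyond the post by reading the FTP reply codes directly; the probe username and the sample replies are constructed for illustration.

```python
import ftplib

PROBE_USER = "tls-audit-probe"  # hypothetical account name; no password is ever sent


def classify_user_reply(reply: str) -> str:
    """Verdict for the server's reply to a USER command sent without TLS."""
    code = reply[:3]
    if code in ("230", "331", "332"):
        # The server carries on with a cleartext login, so a client would
        # send PASS next and put the password on the wire unencrypted.
        return "PLAINTEXT_ALLOWED"
    if code[:1] in ("4", "5"):
        return "PLAINTEXT_REFUSED"
    return "UNKNOWN"


def offers_auth_tls(feat_reply: str) -> bool:
    """True if a FEAT reply advertises AUTH TLS, the FTPES upgrade command."""
    for line in feat_reply.splitlines():
        words = line.upper().replace(";", " ").split()
        if words[:1] == ["AUTH"] and "TLS" in words[1:]:
            return True
    return False


def audit_ftp_server(host: str, port: int = 21, timeout: float = 10.0) -> dict:
    """Connect without TLS and report whether a cleartext login can start."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        replies = []
        for command in ("FEAT", "USER " + PROBE_USER):
            try:
                replies.append(ftp.sendcmd(command))
            except ftplib.all_errors as err:  # 4xx/5xx replies and dropped links
                replies.append(str(err))
    finally:
        ftp.close()
    return {"auth_tls_offered": offers_auth_tls(replies[0]),
            "plaintext_login": classify_user_reply(replies[1])}


if __name__ == "__main__":
    # Constructed sample replies, so the classifier can be seen working offline.
    print(classify_user_reply("331 User tls-audit-probe OK. Password required"))
    print(classify_user_reply("421 Cleartext sessions are not accepted"))
    print(offers_auth_tls("211-Extensions supported:\n AUTH TLS\n PBSZ\n211 End."))
```

A server that enforces FTPES should report `auth_tls_offered: True` together with `plaintext_login: PLAINTEXT_REFUSED`.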