Hacking A Lighthouse Site??

[Jen]

If you use Firefox, try FireFTP extension. Runs your FTP in a browser tab, you canjust choose SFTP from a dropdown menu - easy-peasy.

I say SFTP because most hosts allow that for shared hosting accounts, reserve SSL/TLS for dedicated & virtuals clients - since smaller bloggers tend to run on shared hosting, this is a workable option for protecting login data in FTP a bit better. IMHO.

[PetLvr]

I'd thought about the ftp route, and it still might be what happened (since only one site was affected). Did you switch to secure FTP? I've been wondering if I should, I guess that's better. I'm just so familiar with my WS_FTP LE. Yes it's old, and yes it's the free for home use edition.

That's what I use too! WS_FTP_LE It's my favorite of choice!

I didn't do anything like switch FTP programs or secure FTP .. but, I did a global switch of all passwords to all my FTP accounts .. first as a randomized password identical for all domains (tech support did that) and then, over the upcoming months when I was in the cpanel of each domain I would take a look and change it again to something different.

That WS_FTP_LE is a great program. I actually keep a zip file of the program online on one of my domains in case I ever need it while at a client's location in case of computer crash. I can't find a free version of that anymore online

[Sue C]

Looks interesting Jen. I downloaded it and will see how it works. The SFTP is more for virtual private servers (which I have) and dedicated servers (which PetLvr has) as it requires you to connect with SSH or a subsytem. I know of very few hosts that will allow SSH on shared accounts, except for jailed shell access.

The SSL/TLS doesn't require that, it's called FTPS, and may be just as secure. It generates its own certificate for ftp purpose, and you don't have to buy one.

I wasn't clear on the difference myself, but this post I read explains it fairly well. But I gotta say, that firefox addon just might do the trick.

That WS_FTP_LE is a great program. I actually keep a zip file of the program online on one of my domains in case I ever need it while at a client's location in case of computer crash. I can't find a free version of that anymore online

I hear you. I have used filezilla and had issues with it before. And I keep a local copy of the zip file of it, because of the same reason. It just works so great. I'm not sure if Oldversion.com has a copy anymore. But if anyplace had a copy, it'd be them.

[Jen]

Looks interesting Jen. I downloaded it and will see how it works. The SFTP is more for virtual private servers (which I have) and dedicated servers (which PetLvr has) as it requires you to connect with SSH or a subsytem. I know of very few hosts that will allow SSH on shared accounts, except for jailed shell access.

Thanks for that. Sue. Source of my (mistaken) sweeping generalization here was that Hostgator allows SSH on shared accounts, although you do have to request it. Yes, it's jailed but... with WinSCP or PuTTY, doesn't that do what we're looking for (secure the FTP transfers a bit better than default)??? ... I have this horrid creeping feeling that I've been living in a fool's paradise of complacency for the past few years, due to a great gaping hole in my knowledge. Can you explain all this in words of one syllable, so I (and others) can do whatever's possible to prevent a Haunted Lighthouses/PetLvr event of our own?

[Sue C]

Another reason Hostgator is so good.

I'm bummed now. That fireftp plugin wasn't compatible with my version of FF. And I am a holdout against an upgrade to 3.5 or 3.6. And I know Firefox is doing this to me on purpose to make me upgrade since I banish their popups. Oh, what to do what to do...

(Wondering if I can still do that trick of changing versions in the addon...)