FTP Access Malware?

Discussion in 'Web Design and Development' started by arcticblue, Oct 19, 2013.

  1. arcticblue macrumors newbie

    Joined:
    Jul 13, 2008
    #1
    2 days ago I started getting rejections from FETCH FTP when accessing websites hosted on Bluehost. No trouble accessing FTP on GoDaddy or any other webhost. Bluehost tells me in 1 hour over 17,000 attempts were made from my IP to log in. Tens of thousands of attempts in 2 days. So they blacklisted my IP. I changed my public IP, accessed one account, then again got the "503 fetch access denied suspicious behavior" on all accounts. All computers on my network scan clean. How is it a problem only on Bluehost and not any other service?
     
  2. SrWebDeveloper macrumors 68000

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #2
    Assuming it's a LAMP setup on the remote and you got the same exact 503 before and after changing IP...

    I cannot address why it is happening; you took a good first step by changing your public IP and scanning your network. However, it is extremely insecure to use standard FTP - you should be using SFTP (secure FTP which uses ssh and encryption) and require a public/private key pair from now on.

    FYI: Generating a keypair is as simple on a Mac as going into terminal:
    ssh-keygen -t rsa -C "yourname@yourdomain.ext"
    (use a passphrase when asked for max security)

    Then upload the pub key to the proper place. This might be managed via Control Panel or copy the id_rsa.pub to the remote host where it should be put in the user's ~/.ssh/authorized_keys with permissions 600. Ask their support if unsure.

    Or, there is always the option of using GIT with a remote repository which uses SSH/rsync and the same kind of pub/priv key. That way you can push from your local to the remote repository (i.e. github.com, free account/1 repo), ssh into your server's docroot and pull from the remote. Or maybe Bluehost has a repository you can use and all you do is set up the key and push from your local.

    Or, use rsync with ssh you can synchronize files between the two securely such as outlined here: http://beyondtheclick.ca/lab/technology/syncing-files-between-two-computers-os-x-using-rsync-ssh

    I never used Bluehost, so ask their customer service if they offer SFTP and a place to upload the key (usually in a control panel) and/or repo using GIT or SVN. With any of these, your security is vastly improved.
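
The server-side step described in post #2 (putting id_rsa.pub into ~/.ssh/authorized_keys with permissions 600), as an added example that is not part of the original thread. The function name `install_pubkey` and its arguments are hypothetical; it also sets ~/.ssh to 700 and rejects a file that is not a public key, such as the private id_rsa uploaded by mistake.

```shell
#!/bin/sh
# Added example (not from the thread): install an uploaded public key.
# Usage on the remote host: install_pubkey ~/id_rsa.pub
# install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key is a single line; take the first non-empty one.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")

    # Refuse private keys ("-----BEGIN ...") and unknown key types.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2
           return 2 ;;
    esac

    # sshd with StrictModes (the default) ignores authorized_keys when
    # it or ~/.ssh is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 3
    touch "$auth" && chmod 600 "$auth" || return 3

    # Append only if this exact line is not already there, so running
    # the function twice does not duplicate the key.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```
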
     
