Shaggy wrote: Security is

greg — Thu, 08 Oct 2009 00:08:30 +0000

Shaggy wrote:

Security is only as good as your weakest link - and clear text over the wire is weak

I agree totally, but it's still about chances.
With "roughly" 30 to 40 MILLION (+) servers in the world, the chance that someone is analysing packets on your server's port 21 with ill intention is pretty slim.

That's not to say it wont happen to you, and if it does and they have access to your server files, it's going to be a real annoyance - depending on what they do.

But serious hackers tend to go for big sites with users credit cards, thousands of email addresses, use it to serve illegal files etc, and those hackers are "more likely" to use other exploits and vulnerabilities that will give access to server logs so they can leave no trace.
FTP doesn't usually give access to these logs.

That's not to say they wont sniff your data to analyse your activity first, but they likely wont use FTP to do the "deeds".

Small sites rarely get hacked other than from people learning or doing it for the sake of it, as there's nothing there worth hacking for.
So the majority who will get access with FTP by analysing/sniffing are likely going to mess around - delete all files, upload their own site or the usual "This site was hacked by "gxmax-hack-boy".

When you consider that even if you do get compromised, changing passwords, wiping what they did and re-uploading your BACKUP files isn't the end of the world, and importantly it's highly unlikely to happen, then it's not really something that "needs" to be catered for.
I might trip over tomorrow, do I wear a chin protector and leather gloves just in case?

Again, if you have anything personal, sensitive etc, or just want peace of mind that you are a bit more secure, as Shaggy does, then use secure transfer.

I have to disagree with the

Shaggy — Tue, 06 Oct 2009 14:39:19 +0000

I have to disagree with the statement that FTP is good enough for really anything outside your own controlled single user network. Maybe I'm paranoid ( I don't think I am ), but I have never, and would never consider sending user credentials 'into the cloud' in clear text.

There are many clients (including Filezilla mentioned) that make SFTP/SCP just as usable as FTP clients, but do not send passwords, nor file contents in clear text. Security is only as good as your weakest link - and clear text over the wire is weak.

Cheers,
Shaggy.

Hi Guys is there any html

rogenda — Sat, 03 Oct 2009 12:10:51 +0000

Hi Guys is there any html code I can use to disable a clients website after period of time if he is reluctant to pay.

I agree that for everyday

Greg K — Thu, 01 Oct 2009 01:50:57 +0000

I agree that for everyday websites, standard FTP should be pretty decent, again, the odds get pretty slim. However, consider that is not just the files you are transferring that are snoopable. It is also the login credentials you use for the FTP, so even if the files you are transferring are not that sensitive, keep in mine ANYTHING that can be accessed by that login.

If you are going do it across an unsecured wireless network, DEFINITELY do secure FTP.

I have my e-mail client on this laptop set to use nothing but secure connections to the mail server for that reason.

Again though, odds are pretty thin for the most part of being "captured"

-Greg

Consider the "chances" that

greg — Wed, 30 Sep 2009 22:57:41 +0000

Consider the "chances" that someone is sniffing your data between your network and the server you are transfering to - pretty slim.

So if only basic web files, and your code is secure anyway (or only HTML and CSS) then there is little to worry about.
If you are uploading files that have some sort of security requirement, documents with sensitive/personal data, credit card details etc then yes you should probably be using a secure connection.
For day to day website code I see no real reason.

ftp runs on port 21 sftp

mrgilb — Wed, 30 Sep 2009 15:33:01 +0000

ftp runs on port 21
sftp uses putty to connect to sshd server on port 22