not having a file extension is not the problem. the problem is how files with no extension are transferred by the ftp program.Son of a Beach wrote:I'm not really affected by this (I never use FTP), but is there any reason why phpBB could not use some generic filename extension that is meaningless to MIME, and will not be executed on the web server?
Such as:
4932_89fc1b436d506276e1dd63b33c78d4f0.phpbb_attachment
A lot of web developers (myself included) don't use, and discourage, the use of FTP, as it is pretty insecure. This is for the same reason as telnet - the server can only handle usernames and passwords in plain text, so it is vulnerable to man-in-the-middle attacks. HTTP, POP and IMAP are all guilty of this too, but a rooted server is far worse than a hacked account on a website or hacked email account (in the majority of cases).Lumpy Burgertushie wrote:also, if you do not use ftp how do you transfer files to and from your server?
If a hacker gains FTP access, they could potentially execute a shell script that they have uploaded. Depends on how secure the server is, but it is entirely possible that if the hacker manages to gain access through FTP, they can then gain access to your server through a more powerful protocol such as SSH, through which they could use your server for spamming, part of a botnet etc. A server in a botnet is a server in a botnet - it doesn't matter what you're using the server for, you will get blacklisted, and your host will terminate your account.Martin Truckenbrodt wrote:you are right if you are talking about professional enviroments. I think for private and hobby enviroments it's okay to FTP of the data is not really critical.
Hello Callum,Callum95 wrote:... Okay, using FTP doesn't automatically mean that your server will become part of a botnet, but it's worth bearing in mind that it is entirely possible.
Noxwizard wrote:Please note that this discussion is not about why you should or should not use FTP or why client X is better than client Y.
Code: Select all
150 Opening ASCII mode data connection for acp_prune_users.html (3147 bytes)
Response: 150 Opening ASCII mode data connection for acp_ranks.html (3525 bytes)
Response: 150 Opening ASCII mode data connection for acp_prune_forums.html (3178 bytes)
Response: 150 Opening ASCII mode data connection for acp_profile.html (10279 bytes)
Response: 226 Transfer complete