I discovered to my cost this morning that what I viewed as one of the stalwarts of the open source software world, FileZilla - the ftp client, appears to have gone over to the dark side.
I was invited to upgrade, went to the FileZilla website, was redirected to Sourceforge for file download and got stuffed with a whole load of difficult to remove malware.
Only then did I read the forum on FileZilla. They actively support the underhand way Sourceforge is including malware in the FZ download, and so the reputation of FZ has been trashed.
For all holiday cottage website developers/dabblers, beware FileZilla. Don't upgrade, and consider finding another FTP.
(Maybe CuteFTP or WinSCP - any opinions on those or others?)
Beware FileZilla FTP
Beware FileZilla FTP
Web: https://yofftoo.com/property/esmes-cottage
Twitter/Facebook/Instagram: @esmescottage
Twitter/Facebook/Instagram: @esmescottage
- French Cricket
- Posts: 3058
- Joined: Thu Apr 10, 2008 3:47 pm
- Location: French Pyrénées
- Contact:
-
- Posts: 1071
- Joined: Tue May 01, 2012 8:35 am
- Location: Norfolk Coast
- Cassis
- Posts: 1080
- Joined: Fri Jan 20, 2006 10:44 am
- Location: Normandy/Pays de Loire border
- Contact:
Apparently this has been going on for some time (loads of complaints on Sourceforge, peaking September last year http://sourceforge.net/projects/filezilla/reviews) but I've not encountered any issues. I'm using version 3.10.3 which was the latest release in March this year. However, I don't update from a third party site like Sourceforge, but directly from https://filezilla-project.org/.
So maybe it's only third party sites that are the issue?
So maybe it's only third party sites that are the issue?
Real name Phil
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
- Cassis
- Posts: 1080
- Joined: Fri Jan 20, 2006 10:44 am
- Location: Normandy/Pays de Loire border
- Contact:
Filezilla says you won't have this problem if you update from the Filezilla site rather than Sourceforge or other third parties.
https://forum.filezilla-project.org/vie ... =1&t=31935
https://forum.filezilla-project.org/vie ... =1&t=31935
Real name Phil
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
You have to hunt around the FZ site to find the download which does not redirect to Sourceforge. For those of us who have trusted FZ for years, we just click the download link. This time I got more than I bargained for.
The Sourceforge FZ download page has been designed to look like you are downloading FZ. Only if you read the small print do you realise that you are downloading a bunch of cr*p.
This is being done with FZ's blessing. They could easily direct the main download link to the clean version, but they choose not to and seem happy to see their users get dumped with malware.
The slippery slope for FZ. So, I just thought I'd highlight it.
The Sourceforge FZ download page has been designed to look like you are downloading FZ. Only if you read the small print do you realise that you are downloading a bunch of cr*p.
This is being done with FZ's blessing. They could easily direct the main download link to the clean version, but they choose not to and seem happy to see their users get dumped with malware.
The slippery slope for FZ. So, I just thought I'd highlight it.
Web: https://yofftoo.com/property/esmes-cottage
Twitter/Facebook/Instagram: @esmescottage
Twitter/Facebook/Instagram: @esmescottage
- Cassis
- Posts: 1080
- Joined: Fri Jan 20, 2006 10:44 am
- Location: Normandy/Pays de Loire border
- Contact:
Fair enough, you've got an axe and you're grinding it. I haven't had to do anything to avoid the dodgy downloads, I was just putting in my personal experience. Sorry if that gave offence.
Real name Phil
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.
No offence taken whatsoever. You are right. Maybe i need to read the small print more often. I find EULAs a bit dull though.
(Note to self: stop trusting open source software developers)
It's interesting. I used to update FZ regularly no problems. This time, it signalled an error. So I went to the FZ website and the rest, unfortunately, is history.
(Note to self: stop trusting open source software developers)
It's interesting. I used to update FZ regularly no problems. This time, it signalled an error. So I went to the FZ website and the rest, unfortunately, is history.
Web: https://yofftoo.com/property/esmes-cottage
Twitter/Facebook/Instagram: @esmescottage
Twitter/Facebook/Instagram: @esmescottage
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
I use Filezilla daily and have not seen this. I'm on the latest version and have no Malware. However, I only update Fileziila from program itself. I'm not sure what is going on between Fileziila and SoureForge but I'd be really annoyed if SourceForge have started adding non removable components. It's bad enough being tricked into installing other crap when you install something but at least if you're careful you can avoid it.
You can download it directly without the SourceForge wrapper:
https://filezilla-project.org/download.php?show_all=1
Filezilla have published something to warn people of the problem and it's nothing new, it's been going on for 10 years. It can happen to any software. They are claiming SourceForge to be safe but I would hold off installing until this is resolved.
A useful tool for publishing websites by ftp is this:
http://www.cryer.co.uk/downloads/websitepublisher/
One click and it updates only the changed files.
You can download it directly without the SourceForge wrapper:
https://filezilla-project.org/download.php?show_all=1
Filezilla have published something to warn people of the problem and it's nothing new, it's been going on for 10 years. It can happen to any software. They are claiming SourceForge to be safe but I would hold off installing until this is resolved.
A useful tool for publishing websites by ftp is this:
http://www.cryer.co.uk/downloads/websitepublisher/
One click and it updates only the changed files.