Beware FileZilla FTP

Post by russellt »

I discovered to my cost this morning that what I viewed as one of the stalwarts of the open source software world, FileZilla - the ftp client, appears to have gone over to the dark side.

I was invited to upgrade, went to the FileZilla website, was redirected to Sourceforge for file download and got stuffed with a whole load of difficult to remove malware.

Only then did I read the forum on FileZilla. They actively support the underhand way Sourceforge is including malware in the FZ download, and so the reputation of FZ has been trashed.

For all holiday cottage website developers/dabblers, beware FileZilla. Don't upgrade, and consider finding another FTP.

(Maybe CuteFTP or WinSCP - any opinions on those or others?)
Web: https://yofftoo.com/property/esmes-cottage
Twitter/Facebook/Instagram: @esmescottage

Post by French Cricket »

Oh - sad :cry: - Filezilla's been one of my staples for years. Thanks for the heads up.

I have used CuteFTP and it did the job perfectly well, though I didn't find it so user friendly. Fortunately I have less need of FTP transfer these days since I migrated most of my sites to Weebly.

Post by greenbarn »

I use Cyberduck - seems to do the job okay and supported by cPanel.

Post by SandyBeaches »

Thanks for the heads up - I use Filezilla for my PR job so won't be installing/upgrading to the new software and will stop using it.

Post by Cassis »

Apparently this has been going on for some time (loads of complaints on Sourceforge, peaking September last year http://sourceforge.net/projects/filezilla/reviews) but I've not encountered any issues. I'm using version 3.10.3 which was the latest release in March this year. However, I don't update from a third party site like Sourceforge, but directly from https://filezilla-project.org/.

So maybe it's only third party sites that are the issue? :?:
Real name Phil
Moved to France in 2004
Likes ducks, nature, gardening, furniture restoration, DIY, rugby, blah, blah.

Post by Cassis »

Filezilla says you won't have this problem if you update from the Filezilla site rather than Sourceforge or other third parties.

https://forum.filezilla-project.org/vie ... =1&t=31935

Post by russellt »

You have to hunt around the FZ site to find the download which does not redirect to Sourceforge. For those of us who have trusted FZ for years, we just click the download link. This time I got more than I bargained for.

The Sourceforge FZ download page has been designed to look like you are downloading FZ. Only if you read the small print do you realise that you are downloading a bunch of cr*p.

This is being done with FZ's blessing. They could easily direct the main download link to the clean version, but they choose not to and seem happy to see their users get dumped with malware.

The slippery slope for FZ. So, I just thought I'd highlight it.

Post by Cassis »

Fair enough, you've got an axe and you're grinding it. I haven't had to do anything to avoid the dodgy downloads, I was just putting in my personal experience. Sorry if that gave offence.

Post by russellt »

No offence taken whatsoever. You are right. Maybe I need to read the small print more often. I find EULAs a bit dull though. ;-)

(Note to self: stop trusting open source software developers)

It's interesting. I used to update FZ regularly no problems. This time, it signalled an error. So I went to the FZ website and the rest, unfortunately, is history.

Post by kevsboredagain »

I use Filezilla daily and have not seen this. I'm on the latest version and have no malware. However, I only update Filezilla from the program itself. I'm not sure what is going on between Filezilla and SourceForge but I'd be really annoyed if SourceForge have started adding non-removable components. It's bad enough being tricked into installing other crap when you install something but at least if you're careful you can avoid it.

You can download it directly without the SourceForge wrapper:
https://filezilla-project.org/download.php?show_all=1


Filezilla have published something to warn people of the problem and it's nothing new, it's been going on for 10 years. It can happen to any software. They are claiming SourceForge to be safe but I would hold off installing until this is resolved.

A useful tool for publishing websites by ftp is this:
http://www.cryer.co.uk/downloads/websitepublisher/

One click and it updates only the changed files.