
Today I tried to connect to my ftp account with Cyberduck. There was a popup screen saying that I had an "Unsecured FTP connection" and that "The server supports encrypted connections. Do you want to switch to FTP-SSL?". I clicked on the "change" button which led to another popup claiming that the certificate was not trusted. I didn't take it seriously - I know it was wrong! - and connected to the server. I was trying to download a file, but the file could not be downloaded. I managed to disconnect and connect again several times to download the file, which was to no avail. I decided to read the contents of the certificate upon which I came to know that I did not know the cert. It was not mine, because I had not made any ssl certs at all for my ftp account.

The details of the certificate, which is named "localhost", are as follows:

    Country: GB
    State/province: Someprovince
    Locality: Sometown
    Organization: none
    Organizational Unit: none
    Common name: localhost
    Email Address: webaster@localhost
    ...

Now my question is whether my FTP account is compromised. I changed the password, but I do not know if any malicious code has been injected into my server.

Any ideas would be appreciated.

developer

1 Answer


You are making unsecured FTP connections, so anyone who can intercept your packets can compromise your account.

David Schwartz
  • Hi. I know that. But what is the certificate there? That is not mine. I just did not create it. – developer Aug 04 '14 at 20:17
  • It's the server's certificate. The idea is that encryption with no authentication or MITM protection is better than nothing. – David Schwartz Aug 04 '14 at 20:28
  • I know it is the server's certificate. I own the VPS but I did not create this cert. Can this be an instance of man-in-the-middle attack? – developer Aug 04 '14 at 20:42
  • @developer It certainly can be. But more likely the server just created a self-signed certificate by default. – David Schwartz Aug 04 '14 at 22:49
  • @Schwartz I have just removed all certs (there were two certs there, one ending with .ca) within the folder ssl.crt and the only key in the ssl.key folder. However, when I try to connect through my FTP account, the FTP client still advertises that I am connecting with the fake certificate. How can I get rid of that fake cert? – developer Aug 05 '14 at 07:15
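The question underneath the whole thread is "is the certificate my FTP server presents the one I have on disk, or something else?". The defensible way to answer it is to compare fingerprints rather than trust the client's popup: fetch the certificate the server actually serves over AUTH TLS, hash its DER form, and check that hash against every PEM file you can find in the server's ssl.crt directory. If none of the local files matches, the FTP daemon is loading a certificate from somewhere else (a distribution default, a path in its own config), or the connection is being intercepted, and deleting files in ssl.crt will not change what is served. The script below is an added example written for this thread, not code from the asker or from the answer; the host name, port and file paths are assumptions, and the sample PEM blocks are constructed stand-ins (base64 of arbitrary bytes) that only exercise the fingerprint logic, not real certificates.

```python
"""Compare the certificate an FTP server serves over AUTH TLS with local PEM files.

Added example for the thread above (not the asker's or answerer's code).
The network fetch disables verification ON PURPOSE so that an untrusted,
self-signed certificate can be *inspected*; it is never used to log in.
"""
import base64
import glob
import hashlib
import ssl
import sys
from ftplib import FTP_TLS
from typing import Dict, Optional


def fingerprint_sha256(der: bytes) -> str:
    """Return the colon-separated SHA-256 fingerprint, as openssl/Cyberduck display it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pem_fingerprint(pem_text: str) -> str:
    """Fingerprint of a PEM-encoded certificate (the form found in ssl.crt/*.crt)."""
    return fingerprint_sha256(ssl.PEM_cert_to_DER_cert(pem_text))


def fetch_served_cert(host: str, port: int = 21, timeout: float = 10.0) -> bytes:
    """Connect, issue AUTH TLS on the control channel and return the served certificate (DER).

    Verification is disabled only so the handshake completes and the cert can be
    examined; no credentials are sent (we QUIT right after the handshake).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.auth()  # AUTH TLS: wraps the control socket in TLS
        der = ftps.sock.getpeercert(binary_form=True)
        ftps.quit()
    finally:
        ftps.close()
    return der


def load_local_pems(pattern: str) -> Dict[str, str]:
    """Read every file matching the glob (e.g. '/etc/ssl/ssl.crt/*.crt') as PEM text."""
    pems = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, "r", encoding="ascii", errors="replace") as fh:
            pems[path] = fh.read()
    return pems


def match_served_cert(served_der: bytes, local_pems: Dict[str, str]) -> Optional[str]:
    """Return the path of the local PEM whose fingerprint equals the served cert, else None."""
    served = fingerprint_sha256(served_der)
    for path, pem in local_pems.items():
        if pem_fingerprint(pem) == served:
            return path
    return None


# Constructed sample data: NOT real certificates, just base64 bodies wrapped in PEM
# markers so the fingerprint/matching logic can be exercised without a network.
CONSTRUCTED_SERVER_DER = b"constructed-stand-in-for-a-DER-certificate"
CONSTRUCTED_SERVER_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(CONSTRUCTED_SERVER_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)
CONSTRUCTED_OTHER_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed-stand-in-for-a-different-cert").decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


if __name__ == "__main__":
    # Usage: python check_ftp_cert.py ftp.example.invalid '/etc/ssl/ssl.crt/*.crt'
    # (host and glob are assumptions; adjust to the server's real paths)
    host = sys.argv[1] if len(sys.argv) > 1 else "ftp.example.invalid"
    pattern = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssl/ssl.crt/*.crt"
    served = fetch_served_cert(host)
    print("served SHA-256:", fingerprint_sha256(served))
    hit = match_served_cert(served, load_local_pems(pattern))
    print("matches local file:", hit if hit else "NONE - served cert is not among the local files")
```

A `NONE` result is the actionable signal: the daemon is not reading the files you deleted, so the next step is the FTP server's own configuration (the directive that names its certificate and key) or, if the fingerprint also differs from what you see when connecting from the server itself via localhost, the network path between you and the VPS.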