[Security] FTP Notification Messages
Monday, December 14th, 2009 - Security
Lately we have received a few messages from concerned users about the FTP Notification messages (mentioned in this post) and about the messages coming into the mail Inbox. First, let me state that the messages are for your information. In the past week or so we have had about 10 issues raised where users experienced hacking or malicious code being placed on their website, and these were all traced back to unauthorized FTP access. I cannot stress enough that had the users received these FTP notification messages, then some of these issues may have been avoided.
The purpose of the FTP notification messages are to let you know when someone access your account through FTP. Since the system cannot know what is legitimate and what is not legitimate, notices are always sent (once per hour, per IP, per FTP username). Reviewing these messages can greatly help you identify when your FTP information has been compromised. When you receive one of these notices and you know for a fact that you have not accessed your account via FTP, then this should set of alarms to you that something may be going on with your account.
With all of that being said, if you feel that the messages are cluttering up your Inbox, I recommend that you set up an e-mail filter or rule to deliver those messages into a separate folder in your e-mail program. Then review that folder and those messages on a regular basis. For information on how to set up an e-mail rule using Window’s new Windows Mail program see:
Organize e-mail using rules and folders
For example, you could set up a filter such that if the Subject line contains FTP Connection Alert – then move that message into a new folder named FTP Connections.
Setting up the filter is not really recommended because we feel it is best to be informed as soon as possible when there is a potential unauthorized FTP login. Setting up a filter may cause you to not recognize the login as soon as you would if it were delivered to your main Inbox. Still receiving the messages and filtering them out at least gives you a log of the incidents.
You can also find information for setting up filters for Outlook, Outlook Express, and Thunderbird.
Steven