Lately, my only means of accessing the server is through "regular FTP" as stated by Filezilla.
The hosting support team iterated that testing work without encryption is not safe and it is advisable to use a temporary password.
There's no need to worry if your computer is not infected with harmful programs like hookers or loggers. In case of a static IP, restricting FTP access solely to it will ensure safety.
To be completely sure that the website is alright, either change the password or set a strong one from the beginning and not bother about it again.
In the case of an encrypted connection, the traffic can be intercepted in the same way, but it will not be possible to view it, since it is almost impossible to decrypt the raw "leaked" data.
As for the password - just set a strong, convenient password once and never worry about it again.
Classic FTP has two more secure implementations - FTPS (FTP+SSL) and SFTP (SSH File Transfer Protocol). However, they are considered implementations only conditionally as they use distinct technological solutions.
FTPS encrypts the connection using the SSL cryptographic protocol (or TLS based on it). SSL issues a certificate that verifies the source and client for receiving data. We encounter SSL daily as it is denoted by a lock in the URL bar for secure sites. FTPS uses the same commands as FTP, but with encryption. It is impossible for a third party to intercept or substitute traffic; they can only track the connection parameters and estimate the traffic volume. Even though it has its benefits, not all FTP servers can support SSL.
SFTP is based on SSH (Secure Shell), which encrypts both commands and data. It uses only one port by default, which is simpler to safeguard than the classical implementation's multiple ports.
SFTP is more flexible concerning security since it supports more ciphers than FTPS. Additionally, SFTP uses only one stream compared to FTPS, which uses at least two (the control and data streams). Therefore, FTPS may be faster than SFTP. Currently, FTPS is used only where there's no SSH support (and hence no SFTP). To work conveniently with these protocols, file clients like SSHFS for network drive connection via SFTP have been created.
I would strongly advise against using regular FTP (File Transfer Protocol) for transferring files to a web server, as it poses significant security risks that can have far-reaching consequences for your organization.
FTP is an outdated and inherently insecure protocol that transmits all data, including usernames, passwords, and file contents, in plaintext over the internet. This means that any intercepted FTP traffic can be easily accessed and read by malicious actors, leaving your sensitive information vulnerable to theft, manipulation, and misuse.
The dangers of using regular FTP are manifold:
1. Credential Theft: Cybercriminals can easily sniff out FTP usernames and passwords, which can then be used to gain unauthorized access to the web server and potentially the entire system. This can lead to a security breach, data theft, and the potential compromise of other connected systems.
2. Data Interception: All file contents transferred via FTP are visible in plaintext, making it easy for attackers to eavesdrop and steal sensitive data, such as customer information, financial records, or intellectual property. This can result in significant financial losses, reputational damage, and legal consequences.
3. Man-in-the-Middle Attacks: Attackers can intercept and modify the FTP traffic, allowing them to upload malicious files or alter the existing ones. This can lead to the compromise of the web server, the introduction of malware or backdoors, and the potential spread of the attack to other connected systems.
4. Compliance and Regulatory Issues: The use of insecure protocols like FTP can lead to non-compliance with various data protection regulations, such as GDPR, HIPAA, or PCI DSS. Failing to meet these regulatory requirements can result in hefty fines, legal penalties, and significant reputational damage for your organization.
To mitigate these risks, I strongly recommend using more secure file transfer protocols, such as FTPS (FTP over SSL/TLS) or SFTP (Secure Shell File Transfer Protocol). These protocols encrypt the connection, protecting the confidentiality and integrity of the data being transferred.
Additionally, it's crucial to ensure that your web server and FTP software are kept up-to-date with the latest security patches to address known vulnerabilities. Implementing other security measures, such as firewalls, intrusion detection systems, and monitoring mechanisms, can further enhance the overall security posture of your web infrastructure.
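An added example, not part of any post in this thread: a small Python auditor for a client-side FTP session log that reports where credentials or file data would cross the network unencrypted, covering both the control and the data stream mentioned above. The `C:`/`S:` log format, the function name and the sample sessions are constructed for this example; the commands and reply codes (`AUTH TLS`/234, `PBSZ`, `PROT P`/200) are the standard explicit-FTPS ones.

```python
import re

DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

def audit_ftp_session(lines):
    """Return (line_no, finding) pairs for a client-side control-channel log.

    Assumed log format (constructed for this example): 'C: <command>' for
    client lines, 'S: <3-digit code> <text>' for single-line server replies.
    """
    tls = False           # control channel encrypted: AUTH TLS answered with 234
    prot_private = False  # data channel encrypted: PROT P answered with 200
    pending = None        # (verb, argument) of the command awaiting a reply
    findings = []
    for n, raw in enumerate(lines, 1):
        m = re.match(r"^([CS]):\s*(\S+)\s*(.*)$", raw.strip())
        if not m:
            continue
        side, word, rest = m.groups()
        if side == "C":
            verb = word.upper()
            pending = (verb, rest.strip().upper())
            if verb in ("USER", "PASS") and not tls:
                findings.append((n, f"{verb} sent in cleartext"))
            elif verb in DATA_CMDS and not (tls and prot_private):
                findings.append((n, f"{verb} uses an unencrypted data channel"))
        elif pending and re.fullmatch(r"\d{3}", word):
            verb, arg = pending
            if verb == "AUTH" and arg in ("TLS", "SSL") and word == "234":
                tls = True
            elif verb == "PROT" and word == "200":
                prot_private = tls and arg == "P"
            pending = None
    return findings

# Constructed sample sessions (not captured from any real server).
PLAIN = ["S: 220 ready", "C: USER alice", "S: 331 password?", "C: PASS example-pw",
         "S: 230 ok", "C: STOR index.html", "S: 150 ok"]
FTPS = ["S: 220 ready", "C: AUTH TLS", "S: 234 ok", "C: USER alice", "S: 331 password?",
        "C: PASS example-pw", "S: 230 ok", "C: PBSZ 0", "S: 200 ok", "C: PROT P",
        "S: 200 ok", "C: STOR index.html", "S: 150 ok"]
NO_PROT = FTPS[:7] + FTPS[11:]      # TLS login, but data channel never protected
REJECTED = ["S: 220 ready", "C: AUTH TLS", "S: 502 not implemented"] + PLAIN[1:]

if __name__ == "__main__":
    for name in ("PLAIN", "FTPS", "NO_PROT", "REJECTED"):
        print(name, audit_ftp_session(globals()[name]))
```

The `REJECTED` case is the one to watch for in practice: a client configured to fall back to plain FTP when the server refuses `AUTH TLS` exposes the password exactly as an unencrypted session does.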