Portal Home > Knowledgebase > Articles Database > Am I already hacked?
Am I already hacked?
| Posted by developer6543, 08-04-2014, 02:35 PM |
| Hi
Today I tried to connect to my ftp account with Cyberduck. There was a popup screen saying that I had an "Unsecured FTP connection" and that "The server supports encrypted connections. Do you want to switch to FTP-SSL?". I clicked on the "change" button which led to another popup claiming that the certificate was not trusted. I didn't take it seriously - I know it was a blunder! - and connected to the server. I was trying to download a file, but the file could not be downloaded. I managed to disconnect and connect again several times to download the file, which was to no avail. I decided to read the contents of the certificate upon whcih I came to know that I did not know the cert.
The details of the certificate which is named "localhost" are as follows:
Country: GB
State/provice: Someprovince
Locality: Sometown
Organization: none
Organizational Unit: none
Common name: localhost
Email Address: webaster@localhost
.
.
.
Is my FTP account compromised? I changed the password, but I do now know if any malicious codes are injected into my server.
I do not know what I should do or where to start now? Cyberduck still has the popup screens and claims that my server supports encrypted connections hinting at the existence of fake cert.
Any ideas would be highly appreciated.
Thanks
|
| Posted by MikeDVB, 08-04-2014, 02:59 PM |
| I would suggest hiring a server administrator to manage your server for you.
|
| Posted by Dwagar, 08-04-2014, 03:25 PM |
| Certificate doesn't look good. Maybe it's something you accidently installed in a back-end control panel or something. I would take MikeDVB suggestion and hire someone to check it out for you.
|
| Posted by developer6543, 08-04-2014, 03:38 PM |
| Dwagar & MikeDVB
Hi. Thanks for your suggestion. I might need to, but I am learning things. I prefer mainly to tackle my own problems and get advice from people.
Thanks anyways
|
| Posted by ovais, 08-04-2014, 04:44 PM |
| It seems to be a self-signed certificate, for further clarification you contact with Cyberduck
|
| Posted by quizknows, 08-04-2014, 07:16 PM |
| It's pretty standard a lot of places for the "stock" SSL on services like FTP to be self-signed until or unless you purchase and install a real one.
|
| Posted by HostingTheInternet, 08-05-2014, 02:16 AM |
| on the email address part did you mistype that? if you did the certifcate could, like the others have said just be a self signed certificate which is normal until you install your own, if you didnt mistype that on the forum thats not normal.
|
| Posted by developer6543, 08-05-2014, 03:05 AM |
| Hi
Thanks every one for your replies. It seems the cert is a fake one installed originally by the OS itself upon installation. I need to install a real one for my public server. So there seem to be no security risks involved.
Thanks
|
Add to Favourites 
Print this Article
Also Read
Pervent SPAM (Views: 533)