Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

General Discussion

Filezilla issues and secure FTP's ?

I downloaded filezilla from their official page, filezilla project. Problem is, that is indeed bundled with crap.. and if you read carefully below on the download page, it is actually stated: "This installer may include bundled offers" I downloaded from their supposedly "safe" official site, without thinking about paying attention to possible threats because it was a software reccomended by TreeHouse, so I completely went for it and downloaded the thing. Right after that my pc was screwed, filled with malwares of all sorts, starting with a redirecting fake browser page called "sweet page", anytime I tried to open google chrome. Then after I tried to get rid of that by scanning the pc with some detecting software, it worsen and started doing things like not recognizing the cursor of the mouse, not responding to commands, etc.. plus the speed of my lapt-top was quite low compared to what it should have been, My only choice was to restore windows completely. I spent 40 euros to have that done by some tech shop. Now I'm kinda stuck. I'm afraid of all ftp clients, since I also have read articles on the topic, which states that all major ftp clients, especially the free ones, are targeted by damn hackers. I don't know what to to, because in order to keep studying and practicing with wordpress customization and development I need an FTP. I tried to make a child theme by directly uploading on my cp file manager, but it didn't wrok, because when I contacted the customer service, they said my files (meaning the style sheet of that template) were to big and that I needed an FTP client for that to work. Most ftp clients are not free and they cost a lot. Plus, like I said, after what happened with filezilla, I'm scared to download these kind of softwares. And I anyway, would like to use an easy to understand FTP. Not something too fancy and tricky. I've just seen that Zac Gordon suggested CyberDuck. I might try that. Is that gonna be safe :) and is it easy to use? Does anybody here know about that? Thanks

Honestly, if you're willing to learn - most Operating Systems come preinstalled with FTP utilities directly in the command line/terminal emulator. If you're moving a large amount of files, this is definitely the best and fastest way. Just write some bash scripts that handle the process automatically for you.

That being said, I've used FileZilla in the past and haven't had any problems. At the bottom of the FileZilla page, there's an MD5 Checksum you can use to verify you've downloaded FileZilla from the correct location, as well as an advisory regarding websites who mimic FileZilla and stick Malware in the installation. I have a feeling you downloaded from the wrong site.

4 Answers

Hi Gabriele,

Sorry for the experience you've had so far, no one should ever have to go through that but it appears FileZilla are playing a sneaky trick or their links have being compromised as their direct button does indeed go to a third party website that contains malware, however, their downloads page contains the correct and malware free versions which I've installed on my PC without any issues.

I know you're probably skeptical about installing it again but the link below does have good links which contain zero malware, I hope the below screenshots put your mind at ease as I have trusted FileZilla for 6 years.

No malware found in FileZilla

Malware free version

https://filezilla-project.org/download.php?show_all=1

Again, I'm sorry you had to go through this but thus far I've only seen malware in the direct download links which my anti-virus software blocks before it even gets to load.

For reference I use the following.

Hi Chris, Thanks for your reply. Like I pointed out before, I have downloaded filezilla from the very same link you posted, which is supposed to be the official page. Anyway, it's handled by SourceForge, and there comes the problem. By the way, I'm not a naive guy who doesn't know the internet, or doesn't check everything before downloading something. I can safely say I'm actually pretty wise 'bout those things. (I made that mistake because I thought that a paying online school such as this, would only suggest trustable links, but of course it's not tree house's fault! ..don't get me wrong on that. Those guys couldn't even know about that. Especially because, like you said, filezilla was considered to be safe, and indeed it was, a few years ago. PLEASE READ THRUOUGH THIS THREAD ON THIS FORUM: (read all 3 pages, especially on second and third page) ..and this is just one example, there are actually several similar discussions on the topic that can be googoled.

https://forum.filezilla-project.org/viewtopic.php?t=32476

Thanks a lot!

Gabe

Hi Gabriele,

Sorry for the delay in getting back to you, I've read through the post and everyone mentions going through to Sourceforge from the same link which as I confirmed does contain malware, as I said above I tested all the downloads at the above link against ESET along with an MD5 test which they passed as they're direct downloads instead of redirected downloads which the button on the FileZilla homepage is.

I've been running it for almost 24 hours now and my system is 100% intact and malware free.

[...] filezilla was considered to be safe, and indeed it was, a few years ago.

It still is, sadly the main download link appears to have being taken over whereas their alternate downloads page is perfectly safe. As I said I used FileZilla for years including up until last year but didn't require it anymore after moving to WinSCP, I switched not because of claims of malware but because I needed a better SSH solution which FileZilla didn't provide.


Again, I understand your concerns but I haven't found anything to suggest that the link I provided contains malware.


EDIT: Just for 100% clarity, I scanned it on VirusTotal as well which showed a clean result.

https://www.virustotal.com/en/file/43232cfd1f4bad51f7f4223bee8665371f40c0d4e31c33c3eec27259955e3ab2/analysis/1432365697/

I also found that the direct download is a bundled Sourceforge installer which is known for malware, the direct links are as I found 100% safe.

http://trac.filezilla-project.org/ticket/8888

Hi Chris, Alright then, thank you very much for helping, In the meantime I went for cyberduck. Hopefully it'll do its job. I truly believe the direct link it's virus free, but I think that the filezilla project shouldn't let those things happening, and there's no chance they wouldn't know what's going on on their pages. Thank you so much for answering my questions and reading through the forum, and testing the direct link. I really appreciate it!

Gabe

It's not actually an direct issue with FileZilla, the problem lies with the bundled installer that Sourceforge downloads instead of the direct executable but I do agree it shouldn't be that way.

Thank you so much for answering my questions and reading through the forum, and testing the direct link. I really appreciate it!

No worries, hopefully others will find this useful in the near future.