Hundreds of websites owners left their SFTP/FTP password open to hackers, according to the recent report from Sucuri.
There is a file called "sftp-config.json" which is used by some SFTP/FTP clients to pre-configure SFTP/FTP connections to remote sites and it contains sensitive information including type of the connection, host name, user, password. All details are present in plain text format.
This file allows to connect and manage remote servers. The problem is when the admin mistakenly uploads the sftp-config.json in the remote server.
There is a file called "sftp-config.json" which is used by some SFTP/FTP clients to pre-configure SFTP/FTP connections to remote sites and it contains sensitive information including type of the connection, host name, user, password. All details are present in plain text format.
This file allows to connect and manage remote servers. The problem is when the admin mistakenly uploads the sftp-config.json in the remote server.
You may think who is going to upload this file to remote server. Yes there are some peoples. According to the researchers, there are hundreds of sites host this file in remote server.
After discovering the bug, researchers has emailed them to warn them about the problem . @Admin, make sure you never upload your ftp settings to the remote servers.