I will discuss how to secure your stored FTP sessions when using FileZilla to prevent unauthorized access in the event of computer theft.
Why should you be worried about your sessions being stored on your PC?
We live in a world where theft of computer devices is a reality. If you use any FTP program to access your files on a hosting service, you can imagine what damage could be done if someone had your login information. I bet you are saying: “Well, I have a password on my computer, so how could they even get in in the first place?” The password you use to log in to your machine is simply a password to gain access to your operating system. It is not a password that secures the files on your hard drive. All a thief would have to do is take out your hard drive and attach it to another computer as a secondary drive, and they would be able to browse all your files on that hard drive using another operating system.
Where are my FTP sessions stored in Windows?
FileZilla, like most programs, stores your saved FTP sessions in a hidden directory called AppData (“C:\Users\[User]\AppData”). When I say “hidden” that simply means that someone who knows how to change folder permissions can easily make that directory visible. Within the AppData directory is a folder called “Roaming”. This is where you will find your FileZilla directory. Inside that directory you will see the files “filezilla.xml”, “recentservers.xml”, and “sitemanager.xml”. These files contain, in plain text, the login information and passwords for each session you have stored. This means that all anyone has to do to get the information is right-click the file and view it in notepad or any other text editing software.
In order to protect these sensitive files we must secure them in a hidden encrypted container also known as a hidden encrypted partition. To achieve this you must download an encryption program. You can also use an external hard drive or USB stick that you store in a safe place.
Once the encrypted container is installed you will need to move your FileZilla program directory (“C:\Program Files (x86)\FileZilla FTP Client”) to this container. It will be here that you will execute FileZilla when the container is mounted. Even though we have moved the program it will still store the information in the AppData directory. To counter this we must create a batch file to execute FileZilla.
What is a batch file?
A Windows batch file is simply a file with a set list of commands that tells Windows what to execute and in what order.
Creating the batch file
- Move the files: “filezilla.xml, recentservers.xml, and sitemanager.xml” from the AppData/Roaming/FileZilla directory to your encrypted container.
- Create an empty text file in notepad and save it as “empty-text.txt” in your encrypted container, external hard drive, or USB stick.
- Open notepad again to create a new file.
- Insert the following code into notepad (Make sure you change the directories to reflect your file locations):
@echo off
REM Copy the saved sessions from the encrypted container (Y:) into AppData.
copy "Y:\FileZilla\sitemanager.xml" "C:\Users\[user]\AppData\Roaming\FileZilla\sitemanager.xml"
copy "Y:\FileZilla\filezilla.xml" "C:\Users\[user]\AppData\Roaming\FileZilla\filezilla.xml"
copy "Y:\FileZilla\recentservers.xml" "C:\Users\[user]\AppData\Roaming\FileZilla\recentservers.xml"
REM Launch FileZilla from the container; the script waits here until it exits.
"Y:\FileZilla FTP Client\filezilla.exe"
REM Move the (possibly updated) session files back into the container.
move "C:\Users\[user]\AppData\Roaming\FileZilla\sitemanager.xml" "Y:\FileZilla\sitemanager.xml"
move "C:\Users\[user]\AppData\Roaming\FileZilla\filezilla.xml" "Y:\FileZilla\filezilla.xml"
move "C:\Users\[user]\AppData\Roaming\FileZilla\recentservers.xml" "Y:\FileZilla\recentservers.xml"
REM Leave empty placeholder files behind in AppData.
copy "Y:\FileZilla\empty-text.txt" "C:\Users\[user]\AppData\Roaming\FileZilla\sitemanager.xml"
copy "Y:\FileZilla\empty-text.txt" "C:\Users\[user]\AppData\Roaming\FileZilla\filezilla.xml"
copy "Y:\FileZilla\empty-text.txt" "C:\Users\[user]\AppData\Roaming\FileZilla\recentservers.xml"
- Save the file in notepad (File > Save As) to your encrypted container, external hard drive, or USB stick, with File Name: FileZilla.bat and Save as type: All Files.
Purpose of batch file
When you want to open FileZilla make sure you open it from the FileZilla.bat file and not the FileZilla.exe file. You will see a black command prompt screen pop up. Make sure you DO NOT close this screen while using FileZilla.
The batch file first copies the files from your encrypted container to the AppData/Roaming/FileZilla directory. It then launches FileZilla and allows you to connect to your stored FTP sessions. Once you exit FileZilla, it moves your files from the AppData/Roaming/FileZilla directory back to your encrypted container. Once this is done, it copies the contents of the blank text file “empty-text.txt” over your files in the AppData/Roaming/FileZilla directory. Once you dismount your encrypted container, the files that remain in the AppData/Roaming/FileZilla directory are empty, so anyone who opens them finds no FTP login information. Note that the move deletes the working copies rather than overwriting them, so their contents can persist in unallocated disk space until that space is reused.
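To confirm that the batch file really left nothing readable behind, the three files in AppData can be audited after FileZilla closes. The script below is an added example, not part of the original article; it assumes FileZilla's XML layout, in which a server entry holds `User` and `Pass` child elements (the page does not show the file contents), and the sample data in it is constructed.

```python
# Added example (not from the original page): audit the FileZilla profile
# directory for entries that still carry a user name or password.
import os
import sys
import xml.etree.ElementTree as ET

SESSION_FILES = ("filezilla.xml", "recentservers.xml", "sitemanager.xml")

# Constructed sample in the assumed sitemanager.xml layout (values are fake).
SAMPLE_SITEMANAGER = b"""<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3><Servers><Server>
  <Host>ftp.example.test</Host><Port>21</Port>
  <User>demo</User><Pass>not-a-real-password</Pass>
</Server></Servers></FileZilla3>"""

def audit_bytes(data):
    """Classify file content; return (status, entries_with_credentials)."""
    if not data.strip():
        return ("empty", 0)          # what the batch file should leave behind
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ("unparsed", 0)       # non-empty but unreadable: not proven clean
    count = 0
    for elem in root.iter():
        user = (elem.findtext("User") or "").strip()
        password = (elem.findtext("Pass") or "").strip()
        if user or password:
            count += 1               # count only; never print the values
    return ("xml", count)

def audit_profile(directory):
    """Audit each session file in the directory; missing files are reported."""
    report = {}
    for name in SESSION_FILES:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = ("missing", 0)
            continue
        with open(path, "rb") as fh:
            report[name] = audit_bytes(fh.read())
    return report

def is_clean(report):
    """True only if every file is missing, empty, or XML without credentials."""
    return all(s in ("missing", "empty") or (s == "xml" and n == 0)
               for s, n in report.values())

if __name__ == "__main__":
    default = os.path.join(os.environ.get("APPDATA", "."), "FileZilla")
    report = audit_profile(sys.argv[1] if len(sys.argv) > 1 else default)
    for name, (status, n) in report.items():
        print(f"{name}: {status}, entries with credentials: {n}")
    sys.exit(0 if is_clean(report) else 1)
```

Run it with no arguments after the batch file finishes; a non-zero exit code means at least one file still holds a saved login or could not be parsed, which happens for example when the command prompt window was closed before FileZilla exited.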
Now you can feel at peace knowing that if your computer is ever stolen they will never be able to get your FTP account information and passwords. This little tip is just a small bit of information on what you can do to prevent unauthorized access to your critical business assets.