[Possible] Sublime SFTP Config File Detected - Vulnerability Database

[Possible] Sublime SFTP Config File Detected

Description

A configuration file containing SFTP or FTP server credentials has been detected on the web server. Various file transfer clients, including Sublime SFTP (sftp-config.json) and FileZilla (recentservers.xml), store connection details such as hostnames, usernames, and passwords in plain text or weakly encoded formats. These files are intended for local development use only and should never be deployed to publicly accessible web servers.

Remediation

Immediately remove the exposed SFTP/FTP configuration file from the web server. Verify that similar configuration files are not present in other directories by searching for common filenames such as sftp-config.json, recentservers.xml, and filezilla.xml. Update your deployment process to exclude these files using .gitignore, .dockerignore, or build scripts. Example .gitignore entry:

sftp-config.json
recentservers.xml
filezilla.xml

After removal, rotate all credentials that were exposed in the configuration file. Implement server-side access controls to prevent direct access to configuration files, and consider using environment variables or secure secret management solutions for storing credentials instead of configuration files.
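The filename search and build-script exclusion described above, as an added example that is not Invicti's code: a pre-deployment check that walks a build directory for the three filenames and, for a Sublime sftp-config.json, reports which credential fields are present without echoing the secret. It assumes sftp-config.json keeps host, user and password as top-level JSON keys and may contain // line comments; the sample tree it scans is constructed in the script.

```python
import json
import os
import tempfile

# Filenames the advisory tells you to search for; matched case-insensitively.
EXPOSED_CONFIG_NAMES = {"sftp-config.json", "recentservers.xml", "filezilla.xml"}


def find_exposed_configs(root):
    """Return sorted paths (relative to root) of files with a listed name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in EXPOSED_CONFIG_NAMES:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def summarize_sftp_config(path):
    """Report which credential fields an sftp-config.json carries, never the
    password value itself, so the result is safe to print in CI logs.
    Assumption: top-level host/user/password keys, optional // comments."""
    with open(path, encoding="utf-8") as fh:
        lines = [ln for ln in fh.read().splitlines()
                 if not ln.lstrip().startswith("//")]
    cfg = json.loads("\n".join(lines))
    return {"host": cfg.get("host"), "user": cfg.get("user"),
            "has_password": bool(cfg.get("password"))}


def run_check(root):
    """Map each flagged path to a summary (None for non-Sublime files)."""
    report = {}
    for rel in find_exposed_configs(root):
        full = os.path.join(root, rel)
        is_sublime = os.path.basename(rel).lower() == "sftp-config.json"
        report[rel] = summarize_sftp_config(full) if is_sublime else None
    return report


def build_sample_tree():
    """Constructed deploy directory with one leaked sftp-config.json."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "assets", "css"))
    with open(os.path.join(root, "sftp-config.json"), "w", encoding="utf-8") as fh:
        fh.write('{\n    // constructed sample, not a real credential\n'
                 '    "type": "sftp",\n    "host": "sftp.example.invalid",\n'
                 '    "user": "deploy",\n    "password": "placeholder-secret"\n}\n')
    return root
```

Wire `run_check` into the build so a non-empty report fails the deployment before the files reach the web root.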
