Lions and tigers and pornographers, Oh my! and your login screen

This is not funny actually - yesterday I received this email from my Joomla ISP.

"Hi,

We got a notification from a 3rd party company that your website was
compromised. When we investigated the accident we found that an intruder
had logged into your account over FTP and uploaded various files into
your account to use it in illegal spectrum. It was done on Apr 9 00:48:10. The
illegal files had been uploaded into:

/home/*****.net//public_html/deepens

To clean your website we removed the illegal content and reset your
cPanel/FTP password to:


However you need to do the
following in order to solve the problem completely.

1. Check all computers used by you to manage the website/account using
some latest antivirus software and remove all viruses/trojans if
something is detected.
2. Log into your cPanel( and sitebuilder ) from a clean computer and
reset your cPanel/FTP/Mail and sitebuilder passwords to something hard
guessed like

S893jc&4"

Thing is my FTP password was 18 chars long, and much of it just random letters and numbers. Looking at the FTP logs I noticed that there were over 18,000 hits around April 9th, coming from a Russian porn site. I also noticed that around 10 obvious fake users registered at my brand new site. I have since disabled this JB feature. I am now not sure what to do with the Login screen in JB templates.

Anybody else?? Suggestions?
  • Raymond R. Humphrys
  • 3 Month Basic
  • 171 posts
  • Karma: 0
Last Edit: 13 years 10 hours ago by Jason D. Reason: Removed password
Joomla login and ftp should be independent.

If you do not want to allow registrations it can be disabled in Global Settings. I do not think it is a JB feature; the JB Login module simply provides an alternative interface to the standard Joomla registration.

If you do not want to allow new user registration but want to keep a login module, simply set "allow registration" under Global Configuration - Settings to No.
  • Astrophel
  • Free Extensions
  • 166 posts
  • 2 Thanks
  • Karma: 12
Do make sure that the FTP layer is not enabled in Joomla!

It is not required in most cases and could provide easier access to FTP.
  • Astrophel
  • Free Extensions
  • 166 posts
  • 2 Thanks
  • Karma: 12
Just edited and hid your password on that post Ray :)

You may want to change it again.

Cheers,
Jason.
  • Jason D
  • 6 Month Developer
  • 2957 posts
  • 12 Thanks
  • Karma: 75
Hello,
I have never enabled the ftp layer in my Joomla installations, and have often wondered if I was missing something.

Guess it's a good thing not to do it.

Ray, hope you were able to solve this without too much trouble.

Thanks,
Matthew
  • matthewschenker
  • 12 Month Developer
  • 311 posts
  • 1 Thanks
  • Karma: 3
You're not missing anything Matthew! Leaving it disabled is the correct thing to do.

It's a last chance option to be used only when nothing else works, typically because file ownership and permissions on the host are all set incorrectly.
  • Seth
  • Moderator
  • 8358 posts
  • 225 Thanks
  • Karma: 202
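
An added example, not part of any post in this thread: a small check that reads a Joomla `configuration.php` and reports whether the FTP layer discussed above is enabled or FTP credentials are saved in the file. It assumes the standard `ftp_enable`, `ftp_user` and `ftp_pass` properties; the sample configurations are constructed.

```python
import re

# Joomla keeps its settings as class properties in configuration.php, e.g.
#   public $ftp_enable = '1';   (older releases use "var" instead of "public")
PROP = re.compile(
    r"""^\s*(?:public|var)\s+\$(\w+)\s*=\s*(['"])((?:\\.|(?!\2).)*)\2\s*;""",
    re.MULTILINE,
)

def parse_config(php_text):
    """Return {property: value} for every quoted string property found."""
    return {m.group(1): m.group(3) for m in PROP.finditer(php_text)}

def audit_ftp_layer(php_text):
    """List findings about the FTP layer in a configuration.php body."""
    cfg = parse_config(php_text)
    findings = []
    if cfg.get("ftp_enable", "0") == "1":
        findings.append("ftp_enable=1: the FTP layer is switched on")
    # Saved credentials sit in the file in plain text even when the layer is off.
    for key in ("ftp_user", "ftp_pass"):
        if cfg.get(key):
            findings.append(f"{key} is saved in configuration.php")
    return findings

# Constructed samples, not taken from any real site.
SAMPLE_FTP_ON = """<?php
class JConfig {
    public $sitename = 'Example';
    public $ftp_enable = '1';
    public $ftp_user = 'siteowner';
    public $ftp_pass = 'constructed-placeholder';
}
"""
SAMPLE_FTP_OFF = """<?php
class JConfig {
    var $ftp_enable = '0';
    var $ftp_user = '';
    var $ftp_pass = '';
}
"""

if __name__ == "__main__":
    for name, text in (("on", SAMPLE_FTP_ON), ("off", SAMPLE_FTP_OFF)):
        print(name, audit_ftp_layer(text) or "no findings")
```
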