Anonymous ftp login info needed

[Hansvg]

Hi,
Here is a newbie question:
I have set anonymous ftp and the possibility to upload to /incoming.
Normal ftp works fine with login as [email protected] with the password set in cPanel.
What do I do to login as anonymous and be able to upload that way?
Thanks in advance for any advice,

Hans

 

[romanus]

Does anybody have the answer to this?

 

[electric]

You need a static Ip address for the account if you want to use anonymous FTP.

Assign a static Ip, and then connect with fake login un/pw as anonymous user.

 

[calande2]

Does this mean that if I don't have a dedicated IP address I can't give access to a file using FTP (ie: in a download area).

 

[jandafields]

Yep, you must have a static IP. The reason is that when you ftp anonymously, you are logging in anonymously to the ftp server at your IP address. However, that IP address is shared by many people.

This is the same reason you can not access your site using just your IP. The apache http server makes provisions for shared IP with multiple domains, and looks at the domain name when you visit a site. With FTP, however, the FTP client will not send the domain name to the server, and the server would not look at it anyway. For FTP to work with multiple accounts on the same IP address, you must use a login name with FTP.

Just use http instead of ftp:

http://www.yourdomain.com/file.zip

 

[cPanelDavidG]

Does this mean that if I don't have a dedicated IP address I can't give access to a file using FTP (ie: in a download area).

Incorrect.

With cPanel/WHM, you can enable anonymous FTP access or create additional FTP accounts as needed (if you have sufficient access to do so on the server). However, instead of it being truly anonymous FTP (as in, just check a box and you're on the server) - you would have to give the user the user name of [email protected] rather than anonymous.

If you wanted the username to be anonymous... that's a different story.

 

[calande2]

Cool deal, David thank you. I'm able to access the anonymous FTP server using a shared IP address this way:

ftp://[email protected]:[email protected]/

 

[jandafields]

It looks like you still have a password of "password" on there, right?

 

[calande2]

Yes, I put something so that the browser doesn't prompts you. It could be anything actually in the password field.

 

[Spiral]

I personally do not recommend activating "Anonymous FTP" for security reason ...

If you MUST use anonymous FTP, you will need a dedicated IP on
the account where it is enabled.

LOGIN: ftp (OR) anonymous
PASSWORD: your email address

That is the typical login standard for Anonymous FTP servers

 

[calande2]

What security issues may arise? Isn't it just a different way of serving files like HTTP? (Software companies offer software download using ftp.example.com)
What do you think?

 

[Spiral]

What security issues may arise? Isn't it just a different way of serving files like HTTP? (Software companies offer software download using ftp.example.com)
What do you think?

Anonymous FTP is one of the most exploited entrances used by hackers to
gain a foothold in a server and if you know what you are doing (as do most hackers),
you can actually abuse the service to execute root escalated commands and in
some cases even give yourself root access ... or worse!

It doesn't matter if you are using ProFTPd or Pure-FTPd in regard to the known
security issues with "Anonymous FTP" because both have continued on going
issues with this particular item but ProFTPd is definitely worse in that regard.

 

[calande2]

cPanel shouldn't allow it then, if it's so insecure
But do you exploit a breach of the software? Even if you always have the latest patches? Can't you do the same with Apache?

 

[mboyden]

Two issues. Anonymous FTP using cPanel 11 and the changes since cPanel 10 (especially for accounts on shared IP). Second, how to do "semi-secure" anonymous FTP uploads/downloads.

First, in cPanel 11, the latest, with the changes to FTP, you can no longer use the traditional internet standard of a username of 'anonymous' or 'ftp' for a login name for shared hosting accounts (those on the shared IP address). You have to use '[email protected]' and '[email protected]'. This is a MISTAKE IMHO. cPanel broke the ability to have anonymous FTP which is a better protocol for the transmission of large files (over HTTP). [Note: any password will work and e-mail address is usually what is requested.]

However, if you have a dedicated IP address, then those standard logins work fine.

Finally, there are known good ways to allow ftp uploads. For instance, if you set the file permissions on the upload directory (incoming, although you could always make your own) to 733, then the files that are written are not readable by the outside world using anonymous FTP. This is what we do. Also, I make a "pickup" directory that has permissions of 711 so that I can place files there for "anonymous" pickup but without them being able to read the files in the directory.

Hope that helps!

 

[cPanelDavidG]

Two issues. Anonymous FTP using cPanel 11 and the changes since cPanel 10 (especially for accounts on shared IP). Second, how to do "semi-secure" anonymous FTP uploads/downloads.

First, in cPanel 11, the latest, with the changes to FTP, you can no longer use the traditional internet standard of a username of 'anonymous' or 'ftp' for a login name for shared hosting accounts (those on the shared IP address). You have to use '[email protected]' and '[email protected]'. This is a MISTAKE IMHO. cPanel broke the ability to have anonymous FTP which is a better protocol for the transmission of large files (over HTTP). [Note: any password will work and e-mail address is usually what is requested.]

However, if you have a dedicated IP address, then those standard logins work fine.

Note that this was the case in cPanel 10 as well (only dedicated IPs having true anonymous FTP). This functionality has not changed.