Anonymous ftp login info needed

Hansvg

Registered
Jan 6, 2007
1
0
151
Hi,
Here is a newbie question:
I have set anonymous ftp and the possibility to upload to /incoming.
Normal ftp works fine with login as [email protected] with the password set in cPanel.
What do I do to login as anonymous and be able to upload that way?
Thanks in advance for any advice,

Hans
 

romanus

Well-Known Member
Jul 17, 2004
68
0
156
Does anybody have the answer to this?
 

electric

Well-Known Member
Nov 5, 2001
789
10
318
You need a static Ip address for the account if you want to use anonymous FTP.

Assign a static Ip, and then connect with fake login un/pw as anonymous user.
 

jandafields

Well-Known Member
May 6, 2004
435
6
168
USA
cPanel Access Level
Root Administrator
Yep, you must have a static IP. The reason is that when you ftp anonymously, you are logging in anonymously to the ftp server at your IP address. However, that IP address is shared by many people.

This is the same reason you can not access your site using just your IP. The apache http server makes provisions for shared IP with multiple domains, and looks at the domain name when you visit a site. With FTP, however, the FTP client will not send the domain name to the server, and the server would not look at it anyway. For FTP to work with multiple accounts on the same IP address, you must use a login name with FTP.

Just use http instead of ftp:

http://www.yourdomain.com/file.zip
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Does this mean that if I don't have a dedicated IP address I can't give access to a file using FTP (ie: in a download area).

:confused:
Incorrect.

With cPanel/WHM, you can enable anonymous FTP access or create additional FTP accounts as needed (if you have sufficient access to do so on the server). However, instead of it being truly anonymous FTP (as in, just check a box and you're on the server) - you would have to give the user the user name of [email protected] rather than anonymous.

If you wanted the username to be anonymous... that's a different story.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
I personally do not recommend activating "Anonymous FTP" for security reason ...

If you MUST use anonymous FTP, you will need a dedicated IP on
the account where it is enabled.

LOGIN: ftp (OR) anonymous
PASSWORD: your email address

That is the typical login standard for Anonymous FTP servers
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
What security issues may arise? Isn't it just a different way of serving files like HTTP? (Software companies offer software download using ftp.example.com)
What do you think?
Anonymous FTP is one of the most exploited entrances used by hackers to
gain a foothold in a server and if you know what you are doing (as do most hackers),
you can actually abuse the service to execute root escalated commands and in
some cases even give yourself root access ... or worse!

It doesn't matter if you are using ProFTPd or Pure-FTPd in regard to the known
security issues with "Anonymous FTP" because both have continued on going
issues with this particular item but ProFTPd is definitely worse in that regard.
 

mboyden

Registered
Jan 19, 2005
4
0
151
Two issues. Anonymous FTP using cPanel 11 and the changes since cPanel 10 (especially for accounts on shared IP). Second, how to do "semi-secure" anonymous FTP uploads/downloads.

First, in cPanel 11, the latest, with the changes to FTP, you can no longer use the traditional internet standard of a username of 'anonymous' or 'ftp' for a login name for shared hosting accounts (those on the shared IP address). You have to use '[email protected]' and '[email protected]'. This is a MISTAKE IMHO. cPanel broke the ability to have anonymous FTP which is a better protocol for the transmission of large files (over HTTP). [Note: any password will work and e-mail address is usually what is requested.]

However, if you have a dedicated IP address, then those standard logins work fine.

Finally, there are known good ways to allow ftp uploads. For instance, if you set the file permissions on the upload directory (incoming, although you could always make your own) to 733, then the files that are written are not readable by the outside world using anonymous FTP. This is what we do. Also, I make a "pickup" directory that has permissions of 711 so that I can place files there for "anonymous" pickup but without them being able to read the files in the directory.

Hope that helps!
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
Two issues. Anonymous FTP using cPanel 11 and the changes since cPanel 10 (especially for accounts on shared IP). Second, how to do "semi-secure" anonymous FTP uploads/downloads.

First, in cPanel 11, the latest, with the changes to FTP, you can no longer use the traditional internet standard of a username of 'anonymous' or 'ftp' for a login name for shared hosting accounts (those on the shared IP address). You have to use '[email protected]' and '[email protected]'. This is a MISTAKE IMHO. cPanel broke the ability to have anonymous FTP which is a better protocol for the transmission of large files (over HTTP). [Note: any password will work and e-mail address is usually what is requested.]

However, if you have a dedicated IP address, then those standard logins work fine.
Note that this was the case in cPanel 10 as well (only dedicated IPs having true anonymous FTP). This functionality has not changed.