The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anonymous ftp login info needed

Discussion in 'General Discussion' started by Hansvg, Jan 6, 2007.

  1. Hansvg

    Hansvg Registered

    Joined:
    Jan 6, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi,
    Here is a newbie question:
    I have set anonymous ftp and the possibility to upload to /incoming.
    Normal ftp works fine with login as user@domain.com with the password set in cPanel.
    What do I do to login as anonymous and be able to upload that way?
    Thanks in advance for any advice,

    Hans
     
  2. romanus

    romanus Well-Known Member

    Joined:
    Jul 17, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Does anybody have the answer to this?
     
  3. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    You need a static Ip address for the account if you want to use anonymous FTP.

    Assign a static Ip, and then connect with fake login un/pw as anonymous user.
     
  4. calande2

    calande2 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Does this mean that if I don't have a dedicated IP address I can't give access to a file using FTP (ie: in a download area).

    :confused:
     
  5. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Yep, you must have a static IP. The reason is that when you ftp anonymously, you are logging in anonymously to the ftp server at your IP address. However, that IP address is shared by many people.

    This is the same reason you can not access your site using just your IP. The apache http server makes provisions for shared IP with multiple domains, and looks at the domain name when you visit a site. With FTP, however, the FTP client will not send the domain name to the server, and the server would not look at it anyway. For FTP to work with multiple accounts on the same IP address, you must use a login name with FTP.

    Just use http instead of ftp:

    http://www.yourdomain.com/file.zip
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Incorrect.

    With cPanel/WHM, you can enable anonymous FTP access or create additional FTP accounts as needed (if you have sufficient access to do so on the server). However, instead of it being truly anonymous FTP (as in, just check a box and you're on the server) - you would have to give the user the user name of anonymous@yourDomain.com rather than anonymous.

    If you wanted the username to be anonymous... that's a different story.
     
  7. calande2

    calande2 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
  8. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    It looks like you still have a password of "password" on there, right?
     
  9. calande2

    calande2 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Yes, I put something so that the browser doesn't prompts you. It could be anything actually in the password field.
     
  10. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I personally do not recommend activating "Anonymous FTP" for security reason ...

    If you MUST use anonymous FTP, you will need a dedicated IP on
    the account where it is enabled.

    LOGIN: ftp (OR) anonymous
    PASSWORD: your email address

    That is the typical login standard for Anonymous FTP servers
     
  11. calande2

    calande2 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    What security issues may arise? Isn't it just a different way of serving files like HTTP? (Software companies offer software download using ftp.example.com)
    What do you think?
     
  12. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Anonymous FTP is one of the most exploited entrances used by hackers to
    gain a foothold in a server and if you know what you are doing (as do most hackers),
    you can actually abuse the service to execute root escalated commands and in
    some cases even give yourself root access ... or worse!

    It doesn't matter if you are using ProFTPd or Pure-FTPd in regard to the known
    security issues with "Anonymous FTP" because both have continued on going
    issues with this particular item but ProFTPd is definitely worse in that regard.
     
  13. calande2

    calande2 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    cPanel shouldn't allow it then, if it's so insecure :mad:
    But do you exploit a breach of the software? Even if you always have the latest patches? Can't you do the same with Apache?
     
  14. mboyden

    mboyden Registered

    Joined:
    Jan 19, 2005
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Two issues. Anonymous FTP using cPanel 11 and the changes since cPanel 10 (especially for accounts on shared IP). Second, how to do "semi-secure" anonymous FTP uploads/downloads.

    First, in cPanel 11, the latest, with the changes to FTP, you can no longer use the traditional internet standard of a username of 'anonymous' or 'ftp' for a login name for shared hosting accounts (those on the shared IP address). You have to use 'anonymous@domain.com' and 'ftp@domain.com'. This is a MISTAKE IMHO. cPanel broke the ability to have anonymous FTP which is a better protocol for the transmission of large files (over HTTP). [Note: any password will work and e-mail address is usually what is requested.]

    However, if you have a dedicated IP address, then those standard logins work fine.

    Finally, there are known good ways to allow ftp uploads. For instance, if you set the file permissions on the upload directory (incoming, although you could always make your own) to 733, then the files that are written are not readable by the outside world using anonymous FTP. This is what we do. Also, I make a "pickup" directory that has permissions of 711 so that I can place files there for "anonymous" pickup but without them being able to read the files in the directory.

    Hope that helps!
     
  15. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Note that this was the case in cPanel 10 as well (only dedicated IPs having true anonymous FTP). This functionality has not changed.
     
Loading...

Share This Page