Anonymous FTP. Security Issues?

craigedmonds

Is enabling Anonymous FTP in WHM for all cPanel users a security issue for the server itself?

Of course I understand that if the cPanel user enables anonymous uploads, this is a security issue for his account but not for the whole server, right?
 

chirpy

Indeed. Anonymous FTP allows anyone to create files on the server without authentication. If a flaw is found in an FTP application (or any other app with access to the upload area) it then becomes much easier to exploit such flaws. For that reason you should only ever enable anonymous FTP if you really have a need for it and cannot provide the functionality any other way.
 

sparek-3

Since cPanel now allows you to set FTP user home directories outside of the public_html directory, I think it is a better idea to just set up an FTP account and give out the username and password to that FTP account to all interested parties.

Not the best idea to give just anyone the username and password, but still better than allowing unauthenticated access. Just be sure that the user's home directory is outside of the public_html folder (so they can't upload malicious scripts and then access them on the web through your account).
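
An added example, not part of the thread or of cPanel: a check that flags FTP accounts whose home directory resolves into the web root, as the last post advises against. It goes one step further and also flags a home that contains public_html, since uploads there can reach it too. The passwd-style input format, account names and paths are constructed assumptions.

```python
import os

def classify_home(home, docroot):
    """Return 'inside', 'contains' or 'outside' for an FTP home relative to docroot."""
    # realpath collapses '..' and follows symlinks that exist on disk, so a
    # home such as .../ftp_drop/../public_html/x is judged by where it points.
    home_r = os.path.realpath(home)
    root_r = os.path.realpath(docroot)
    # commonpath compares whole path components, so public_html_old is not
    # mistaken for a child of public_html the way a startswith() test would.
    common = os.path.commonpath([home_r, root_r])
    if common == root_r:
        return "inside"      # uploads land directly in web-served space
    if common == home_r:
        return "contains"    # user can descend into public_html and upload
    return "outside"

def audit(passwd_lines, docroot):
    """Return (account, verdict) for every account whose home touches docroot."""
    findings = []
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:          # not a complete passwd-style record
            continue
        name, home = fields[0], fields[5]
        verdict = classify_home(home, docroot)
        if verdict != "outside":
            findings.append((name, verdict))
    return findings

# Constructed sample records (assumed format: name:pw:uid:gid:gecos:home:shell)
DOCROOT = "/home/example/public_html"
SAMPLE = [
    "dropbox:x:1001:1001::/home/example/ftp_drop:/sbin/nologin",
    "webup:x:1001:1001::/home/example/public_html/uploads:/sbin/nologin",
    "sneaky:x:1001:1001::/home/example/ftp_drop/../public_html/in:/sbin/nologin",
    "backup:x:1001:1001::/home/example/public_html_old:/sbin/nologin",
    "main:x:1001:1001::/home/example:/sbin/nologin",
]

if __name__ == "__main__":
    for account, verdict in audit(SAMPLE, DOCROOT):
        print(f"{account}: home {verdict} web root")
```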