The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anonymous FTP. Security Issues?

Discussion in 'Security' started by craigedmonds, Jul 31, 2008.

  1. craigedmonds

    craigedmonds Well-Known Member

    Joined:
    Oct 29, 2007
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Europe
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is enabling Anonymous FTP in WHM for all cpanel users a security issue for the server itself?

    Of course I understand that if the cpanel user enables anonymous uploads, this is a security issue for his account but not for the whole server right?
     
  2. Freezer

    Freezer Well-Known Member

    Joined:
    Jun 13, 2005
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Den Haag
    An anomynous ftp only invites people to try more... If you can without it, do it. There is no need to have anon ftp.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. Anonymous FTP allows anyone to create files on the server without authentication. If a flaw is found in an FTP application (or any other app with access to the upload area) it then becomes much easier to exploit such flaws. For that reason you should only ever enable anonymous FTP if you really have a need for it and cannot provide the functionality any other way.
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Since cPanel now allows you to set FTP user home directories outside of the public_html directory. I think it is a better idea to just set up an FTP account and give out the username and password to that FTP account to all interested parties.

    Not the best idea to give just anyone the username and password, but still better than allowing unauthenticated access. Just be sure that the user's home directory is outside of the public_html folder (so they can't upload malicious scripts and then access them on the web through your account).
     
  5. RobertNikic

    RobertNikic Active Member

    Joined:
    Jun 20, 2008
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Tampa Bay
    Hello,

    I would have to say that Anonymous FTP is a security issue for all users and the server itself, unless needed/requested by the user i would suggest to disable it for all users.

    If you have any further questions, feel free to contact me.
     
Loading...

Share This Page