FTP sub-accounts (cPanel --> FTP Accounts --> Create)
According to a bunch of old posts, these sub-accounts cannot use SFTP. They can only use FTP. Plain-text FTP is susceptible to sniffing and is a security liability.
(A few years ago my PC "caught" malware that sniffed my FTP credentials and then used a bot to insert javascipt onto EVERY single page of EVERY single one of my websites that I had logged in to; even with auto-updating virus scanner and spyware scanners and updated Windows, this thing got through and silently collected all my FTP activity for weeks. SFTP would have nullified the sniffing.)
"A feature that forces passwords to be transmitted in clear test seems foolish. If users choose to be foolish on their own, so be it. But forcing users to be foolish is another story."
If optional SFTP for all FTP accounts is something you'd like to see in a future cPanel release, please vote on the cPanel features community:
SFTP access for virtual FTP users | cPanel Feature Requests
According to a bunch of old posts, these sub-accounts cannot use SFTP. They can only use FTP. Plain-text FTP is susceptible to sniffing and is a security liability.
(A few years ago my PC "caught" malware that sniffed my FTP credentials and then used a bot to insert javascipt onto EVERY single page of EVERY single one of my websites that I had logged in to; even with auto-updating virus scanner and spyware scanners and updated Windows, this thing got through and silently collected all my FTP activity for weeks. SFTP would have nullified the sniffing.)
"A feature that forces passwords to be transmitted in clear test seems foolish. If users choose to be foolish on their own, so be it. But forcing users to be foolish is another story."
If optional SFTP for all FTP accounts is something you'd like to see in a future cPanel release, please vote on the cPanel features community:
SFTP access for virtual FTP users | cPanel Feature Requests
