
Practicing FTP Security

One of the most sought-after features on the web hosting market is FTP. Short for File Transfer Protocol, FTP provides a means of transferring data from your computer to the web host's server. While the protocol is quite useful, FTP also presents many security risks, and being aware of them is crucial.

Beware of FTP Attacks

FTP is ideal for transferring files to a remote location. However, you should know that in its purest form, this protocol is far from secure. FTP transmits your data over a network in plain text. If the transmission is intercepted, the contents of those files can be viewed by unauthorized parties. Furthermore, a knowledgeable hacker can use the FTP server as an entrance into your website. This is done by repeatedly trying to log on with an incorrect user password. In most cases, the profile is disabled after reaching the maximum threshold of three sign-in attempts, thus giving the hacker all the ammunition they need to launch the attack.


The most effective way to protect yourself from an FTP password attack is through the use of an FTP server logon exit program.  This mechanism can provide security in the following ways:

Rejecting logon requests from any user profile that you have not granted FTP access to. With an FTP server logon exit program, logon attempts from the profiles you decide to block are not counted towards the maximum sign-in count.

Limiting the number of clients from which a user profile is able to access the FTP server. For instance, if someone from accounting is granted access, you can configure the server so that only clients with an IP address from the accounting department have FTP access.


Recording the credentials and IP addresses of all FTP logon attempts. This allows you to regularly review the activity of each FTP logon attempt. If a profile is ever disabled for reaching the maximum count, you can use the recorded IP address to identify the perpetrator and handle the matter accordingly.
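The three behaviours listed above can be sketched as a single decision routine. This is an added example, not code from the article or from any FTP server product: the `LogonExit` class, the `acct_jane` profile, the 10.20.30.0/24 "accounting" subnet and the verdict strings are all constructed, and not counting rejections from disallowed client addresses is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_FAILED = 3  # sign-in threshold the article mentions

# Constructed policy: profile -> client networks it may use for FTP.
FTP_ALLOWED = {
    "acct_jane": [ipaddress.ip_network("10.20.30.0/24")],  # "accounting" subnet
}

@dataclass
class LogonExit:
    allowed: dict
    failed: dict = field(default_factory=dict)   # profile -> counted failures
    audit: list = field(default_factory=list)    # (profile, client_ip, verdict)

    def check(self, profile, client_ip, password_ok):
        """Decide one logon attempt. password_ok stands in for the server's
        own password check, which runs only if the exit lets the request by."""
        verdict = self._decide(profile, client_ip, password_ok)
        # Record the profile name and source address of every attempt,
        # never the password that was submitted.
        self.audit.append((profile, client_ip, verdict))
        return verdict

    def _decide(self, profile, client_ip, password_ok):
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return "reject:bad-client-address"
        nets = self.allowed.get(profile)
        if nets is None:
            return "reject:profile-not-granted"      # not counted
        if not any(ip in net for net in nets):
            return "reject:client-not-allowed"       # not counted (assumption)
        if self.failed.get(profile, 0) >= MAX_FAILED:
            return "reject:profile-disabled"
        if password_ok:
            self.failed[profile] = 0
            return "accept"
        self.failed[profile] = self.failed.get(profile, 0) + 1
        return "reject:bad-password"
```

Because requests rejected by the exit never reach the failure counter, repeated bad logons from outside the allowed network cannot disable the profile, while the audit list still shows every attempt and where it came from.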

FTP Security Recommendations

Because FTP is naturally insecure, you may want to strongly consider backing it up with a reliable security mechanism. The most highly recommended is Secure Sockets Layer, or simply SSL. SSL is an encryption protocol that enables secure communications between the FTP server and client. It ensures that transmissions are encrypted, maintaining confidentiality and integrity for all data that passes through. This includes files as well as usernames and passwords. Most FTP servers support SSL through the use of a digital certificate, which also provides additional security with client authentication.


Though some recommend the use of anonymous FTP for the sharing of non-confidential data, this can be an even greater security risk. With anonymous FTP, anyone can upload to your server without a username or password. They could be transferring pirated software or malicious files. Before taking such a gamble, be sure to weigh all the risks and take the appropriate measures to ensure that your FTP communications are secure.

  1. Paul beddows
    August 9, 2009 at 12:54 pm

    BTW, when I posted my comment it inserted http:// in front of the 2 file names. That should not be there.

  2. Paul beddows
    August 9, 2009 at 12:52 pm

    I was suffering from attacks through FTP, until my web host, ixwebhosting, introduced a simple solution. I upload 2 files to my root called http://ftp.allow & ft.deny. This allows me to name what IP addresses can have FTP access. Since then I have had no attacks. It's great. All hosts should do this.

    If you want to see if it will work on your host, which it probably won't, create these 2 files in this format using any editor and upload them to the root directory:


    ALL: All


    ALL: allowed Ip address
    ALL: allowed Ip address

  3. Scott Myers
    March 24, 2009 at 4:25 pm

    Consider using FTP/WatchDog to monitor FTP usage in real time. It makes it easy to keep tabs on FTP server usage (one to many servers): who's using it, what they are doing with it, transmission of sensitive data, etc.
