{"id":246,"date":"2009-03-17T13:04:33","date_gmt":"2009-03-17T19:04:33","guid":{"rendered":"https:\/\/webhostinggeeks.com\/blog\/?p=246"},"modified":"2009-03-17T13:04:33","modified_gmt":"2009-03-17T19:04:33","slug":"practicing-ftp-security","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/blog\/practicing-ftp-security\/","title":{"rendered":"Practicing FTP Security"},"content":{"rendered":"<p align=\"left\">One of the most highly sought after features on the web hosting market is FTP.\u00a0\u00a0 Short for File Transfer Protocol, FTP provides a means for transferring data from your computer to the web host&#8217;s server.\u00a0 While the protocol is quite useful, FTP also presents many security risks and making yourself aware of them is crucial.<\/p>\n<p align=\"left\"><strong>Beware of FTP Attacks<\/strong><\/p>\n<p align=\"left\">FTP is ideal for transferring files to a remote location.\u00a0 However, you should know that in its purest form, this protocol is far from secure.\u00a0 FTP transmits your data over a network in plain text.\u00a0 If the transmission is intercepted, the contents of those files can be viewed by unauthorized parties.\u00a0 Furthermore, a knowledgeable hacker can use the FTP server as an entrance into your website.\u00a0 This is done by repeatedly trying to logon with an incorrect user password.\u00a0 In most cases, the profile is disabled after reaching the maximum threshold of three sign in attempts, thus giving the hacker all the ammunition they need to launch the attack.<\/p>\n<p align=\"left\">The most effective way to protect yourself from an FTP password attack is through the use of an FTP server logon exit program.\u00a0 This mechanism can provide security in the following ways:<\/p>\n<p align=\"left\"><strong>Rejecting logon requests <\/strong>by any user profiles that you have not granted FTP access to.\u00a0 With the use of an FTP server logon exit program, the logon attempts from the profiles you decide to block are not counted towards the maximum sign in count.<\/p>\n<p align=\"left\"><strong>Limiting the number of clients<\/strong> from which a user profile is able to access the FTP server.\u00a0 For instance, if someone from accounting is granted access, you can make configurations where only users with an IP address from the accounting department have FTP access.<\/p>\n<p align=\"left\"><strong>Recording the credentials and IP addresses of all FTP logon attempts<\/strong>.\u00a0 This allows you to regularly view the activity of each FTP logon attempt.\u00a0 If a profile is ever disabled for reaching the maximum count, you can use their IP address, identify the perpetrator and handle the matter accordingly.<\/p>\n<p align=\"left\"><strong>FTP Security Recommendations<\/strong><\/p>\n<p align=\"left\">Because FTP is naturally insecure, you may want to strongly consider backing it up with a reliable security mechanism.\u00a0 The most highly recommended is Secure Sockets Layer, or simply SSL.\u00a0 SSL is an encryption protocol that enables secure communications between the FTP server and client.\u00a0 It ensures that transmissions are encrypted, maintaining confidentiality and integrity for all data that passes through.\u00a0 This includes files as well as usernames and passwords.\u00a0 Most FTP severs support SSL through the use of a digital certificate which also provides additional security with client authentication.<\/p>\n<p align=\"left\">Though some recommend the use of anonymous FTP for the sharing of non-confidential data, this can be an even greater security risk.\u00a0 With anonymous FTP, anyone can upload to your server without a username or password.\u00a0\u00a0 They could be transferring pirated software or malicious files.\u00a0 Before taking such a gamble, be sure to weigh all the risks and take the appropriate measures to ensure that your FTP communications are secure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the most highly sought after features on the web hosting market is FTP.\u00a0\u00a0 Short for File Transfer Protocol, FTP provides a means for transferring data from your computer&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[9],"tags":[70,321,250,508,102,110],"class_list":["post-246","post","type-post","status-publish","format-standard","hentry","category-security-issues","tag-ftp","tag-hackers","tag-ip","tag-logon-exit-program","tag-security","tag-ssl"],"views":135,"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/comments?post=246"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/posts\/246\/revisions"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/media?parent=246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/categories?post=246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/blog\/wp-json\/wp\/v2\/tags?post=246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}