FTP servers
- Thread starter zjl56
- Start date
warpus
Sommerswerd asked me to change this
- Change the port from 21 to something a bit more obscure.
- Remove anonymous access
If you really want, you could even restrict access to your FTP server to specific IPs. That would suck for people w/ dynamic IPs that change often, though.
- Remove anonymous access
If you really want, you could even restrict access to your FTP server to specific IPs. That would suck for people w/ dynamic IPs that change often, though.
How easy stuff is depends on what software you're using... change port 21 to some 1083 or such, above 1024, don't allow anonymous access, don't give any users execute rights on files. You may also require everyone who connects to use SFTP. Oh, and lock users in their home directories.
Basically, as long as you follow the very basic precautions (lock users in directories, no anons, no execute rights), it's fairly safe. Of course, one could detect that you're running a FTP server, but gaining access to it would be a matter of knowing the username/password. Assuming that the passwords are fairly secure, you're fine - the random script kiddies on the Web won't be spending a week cracking your FTP anyhow.
Basically, as long as you follow the very basic precautions (lock users in directories, no anons, no execute rights), it's fairly safe. Of course, one could detect that you're running a FTP server, but gaining access to it would be a matter of knowing the username/password. Assuming that the passwords are fairly secure, you're fine - the random script kiddies on the Web won't be spending a week cracking your FTP anyhow.
warpus
Sommerswerd asked me to change this
If you're using a router you'll have to forward the port you pick to your local IP. If not, you'll be able to access your ftp site from the outside without doing anything else, as long as your firewall is set up properly (for that port).
aaronflavor
Warlord
FTP is not a secure protocol. It should not be used for anything where security is needed. FTP is of the last of a set of old insecure protocols that are dying (telnet) or are already dead (rlogin/rsh, rcp).
My first recommendation would be SCP, since its secure and fairly popular. There is the newer SFTP which is slightly more powerful, but it is quite new and not very well supported. There's also FTPS which refers to a set of protocols that are retrofitted for security, but there don't seem to be catching on. Another option you should consider is HTTPS, which has some limited file transfer capability, and is suitable for use with nearly all web browsers.
My first recommendation would be SCP, since its secure and fairly popular. There is the newer SFTP which is slightly more powerful, but it is quite new and not very well supported. There's also FTPS which refers to a set of protocols that are retrofitted for security, but there don't seem to be catching on. Another option you should consider is HTTPS, which has some limited file transfer capability, and is suitable for use with nearly all web browsers.
Similar threads
