Networking / Beginners

Anonymous FTP Warnings

Here are some precautions to take before configuring anonymous FTP:

  • Responsibility. You are responsible for the files that are stored on your domain. This includes files that were uploaded by you as well as by anonymous FTP users.
  • Data Transfer. All the FTP downloads will be used in the calculation of the total data transfer for your account. You might end up spending money if the transferred data exceeds the limit.
  • Disk Space. If you allow people to upload files to your site, you should keep track of the disk space usage.

Securing FTP

The following list provides the measures you can use to secure your FTP server:

  • Ensure that you have properly configured the /etc/ftpusers file. This file should contain the list of users who are not allowed to access the FTP server.
  • If you need to disable anonymous FTP, you should remove the anonymous user ftp from the password file. In addition to this, verify that anonftp-version.i386.rpm package is not installed on your system.
  • Grant upload permissions carefully. Users should not be able to upload into the dev, bin, etc, and lib directories. You can edit /etc/ftpaccess to modify the upload permissions.
  • Use the noretrieve directive to deny transfer of selected files or directories.
[Previous] [Contents] [Next]