Sunday, October 9, 2011

Basic cPanel Server Hardening - Part 7

The last article in this series went over the options found on the cPanel WHM Tweak Settings page. Today you will learn how to secure FTP access to your server.

Anonymous FTP is used to give users of sites a place to upload files. Many of today's web sites implement file uploads internally though, so for most sites it is not needed. In some cases attackers make use of anonymous FTP access to upload software needed for an attack to the server and then use a security hole elsewhere to execute the software.

To disable Anonymous FTP, scroll down the left column until you find the "Server Configuration" section, then click on the "FTP Server Configuration" link. Once the page loads, change both "Allow Anonymous Logins" and "Allow Anonymous Uploads" to "No".

Next, set "TLS Encryption Support" to "Required". This forces all FTP users to use encrypted connections, so credentials and file contents are not sent in cleartext. If a user really can't upgrade their FTP client to support this, you can always change it back to "Optional" later.

While on this page, confirm that "Allow Logins with Root Password" is set to "No". This ensures that an attacker cannot attempt a brute-force attack against the root account via FTP.
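The three settings above are changed through the WHM interface, but on the command line the same state is visible in the FTP daemon's configuration file. The following audit script is an added example, not code from the original post or from cPanel: it parses a Pure-FTPd style configuration (Pure-FTPd is the FTP daemon cPanel ships by default) and reports which of the hardening settings are missing. The directive names NoAnonymous, AnonymousCantUpload, TLS and MinUID are standard Pure-FTPd directives; that WHM writes its options as exactly these directives is an assumption of the example, as is the use of MinUID as the check for root logins (root is uid 0, so any MinUID of 1 or more blocks it). Both configuration samples are constructed for the example.

```python
"""Audit a Pure-FTPd configuration for the FTP hardening settings discussed
in the article: anonymous logins off, anonymous uploads off, TLS required,
and root unable to log in.  Added example; directive-to-WHM-option mapping
is an assumption, not something the article states."""


# Constructed sample in the state a default install might be in.
WEAK_CONFIG = """\
# pure-ftpd.conf (constructed example, not a real server's file)
ChrootEveryone      yes
NoAnonymous         no
AnonymousCantUpload no
TLS                 1
MinUID              0
PassivePortRange    30000 50000
"""

# Constructed sample after applying the settings from the article.
HARDENED_CONFIG = """\
ChrootEveryone      yes
NoAnonymous         yes
AnonymousCantUpload yes
TLS                 2
MinUID              100
PassivePortRange    30000 50000
"""


def parse_pure_ftpd(text):
    """Return {directive: value} from 'Directive value' lines; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[key] = value
    return settings


def _is_yes(value):
    return value.lower() in ("yes", "on", "1", "true")


def audit_ftp_config(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_pure_ftpd(text)
    findings = []

    # WHM "Allow Anonymous Logins" = No  ->  NoAnonymous yes
    if not _is_yes(cfg.get("NoAnonymous", "no")):
        findings.append("anonymous FTP logins are allowed (set NoAnonymous yes)")

    # WHM "Allow Anonymous Uploads" = No  ->  AnonymousCantUpload yes
    if not _is_yes(cfg.get("AnonymousCantUpload", "no")):
        findings.append("anonymous uploads are allowed (set AnonymousCantUpload yes)")

    # WHM "TLS Encryption Support" = Required  ->  TLS 2 (refuse cleartext)
    # or TLS 3 (also require TLS on the data channel).  0 = off, 1 = optional.
    tls = cfg.get("TLS", "0")
    if not tls.isdigit() or int(tls) < 2:
        findings.append(f"TLS is not required (TLS is {tls!r}; set TLS 2)")

    # Root is uid 0, so a MinUID of 0 is the only value that lets root log in.
    min_uid = cfg.get("MinUID", "100")
    if not min_uid.isdigit() or int(min_uid) < 1:
        findings.append(f"MinUID {min_uid!r} permits uid 0 (root) to log in; set MinUID 100")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit_ftp_config(text)
        print(f"{name}: {'OK' if not problems else str(len(problems)) + ' issue(s)'}")
        for problem in problems:
            print("  -", problem)
```

Run against a real file with `audit_ftp_config(open("/etc/pure-ftpd.conf").read())` after making the WHM changes; an empty result confirms the daemon's configuration matches what the interface shows, which is worth verifying because the service has to be restarted for new settings to take effect.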

Now your server is somewhat secured as far as FTP is concerned. It is preferable to disable FTP completely and do file transfers over SSH connections (SFTP or SCP), but that generally involves allowing your users to have shell access, and you have already disabled shell access. In the next installment of this series you will learn about the options in the cPanel Security Center.
