FTP Privacy Question

skinnyl

skinnyl

skinnyl

Associate
Joined
26 Mar 2003
Posts
783
Hi there,

Just quick query about websites/ftp.

At work we have an FTP site we use to move large files to clients etc..

we have a web address eg www.work.com, but there's no website in the root directory, only files as we use it to send links to files to clients.

My question is, how private is this set up and what are the chances of anyone being able to list the contents and link to it? and if so what precautions might we need to take?

Thanks.
 
If there's no site behind the domain name then you're secure from http requests.

FTP, like anything, is hackable, by brute force if nothing else. You can setup secure FTP if you need extra security which requires key files to authenticate the incoming requests. Depending on the FTP server you use you can also block requests from specific IP addresses, or sequential retries after 10 attempts etc.
 
Ok thanks,

So as it is no one can list the contents of that site and my only concern should be ftp account name/password hacks?
 
Spunkey said:
If there's no site behind the domain name then you're secure from http requests.

FTP, like anything, is hackable, by brute force if nothing else. You can setup secure FTP if you need extra security which requires key files to authenticate the incoming requests. Depending on the FTP server you use you can also block requests from specific IP addresses, or sequential retries after 10 attempts etc.
Click to expand...

I think he means there is a webserver but no site there.

----
If that's correct then:
If the webserver is setup to allow directory listings then anyone can see what's there and even if they can't then they can still access files if they know or guess the address. You'd need to add password protection to the directory.
 
FTP should die already. It has enough security issues, and is a pain in the rear end to configure firewall rules to allow it.

You'd be better off just having a webserver if clients only download stuff, otherwise use SFTP. If you have a Linux box, OpenSSH should be on there already.
 
You must log in or register to reply here.
Back
Top Bottom