Bobcares

Simple security for file upload – Enabling FTPS (FTP over SSL/TLS) in cPanel/WHM servers

by | Mar 7, 2017

FTP is a commonly used service by web users to transfer files, but it is inherently not secure. Stealing FTP login details is one of the most common ways by which websites are hacked.

It is easy for a hacker to sniff login details from an insecure network. In our role as Outsourced Tech Support services for web hosting companies, securing FTP servers is a major task that we perform.

Using FTP over SSL will blunt a significant percentage of hacking attacks. Here’s how we protect the FTP sessions of our cPanel customers.


What is FTP over SSL? How does it help?

As FTP by default does not provide encrypted data transfer, it is prone to many types of attacks such as port stealing, brute force, packet sniffing and so on. To encrypt the FTP connections, we configure FTP over SSL.

FTPS (FTP over SSL) means securing an FTP connection using SSL. The connection is authenticated using a username, password and SSL certificate. Both the control and data connections are encrypted using FTPS.

When connecting to the FTPS server, the FTPS client first checks whether the server’s certificate is trusted. If the certificate is valid, the client initiates a secure connection to the server and transmits data over it securely.
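The same sequence from a scripted client, as an added example that is not part of the original article. It uses explicit FTPS (AUTH TLS on port 21), which is what Python's `ftplib` implements; the function names and all arguments are placeholders of this example.

```python
import ssl
from ftplib import FTP_TLS

def strict_context():
    """TLS context that rejects untrusted or mismatched server certificates."""
    ctx = ssl.create_default_context()            # system CA store, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx

def upload(host, user, password, local_path, remote_name, timeout=30):
    """Upload one file over explicit FTPS and return what was negotiated.

    Raises ssl.SSLCertVerificationError instead of prompting when the
    certificate is not trusted, so credentials are never sent to that server.
    """
    with FTP_TLS(context=strict_context(), timeout=timeout) as ftps:
        ftps.connect(host, 21)
        ftps.auth()                 # AUTH TLS: certificate is verified here
        ftps.login(user, password)  # USER/PASS now travel inside the TLS session
        ftps.prot_p()               # PROT P: encrypt the data connection as well
        info = {"tls": ftps.sock.version(), "cipher": ftps.sock.cipher()[0]}
        with open(local_path, "rb") as fh:
            ftps.storbinary("STOR " + remote_name, fh)
        return info
```

Without the `prot_p()` call only the control connection is encrypted and file contents cross the network in cleartext.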


Enable FTP over SSL from WHM

In cPanel/WHM servers, enabling FTP over SSL can be done from the WHM interface:

  1. Go to "Main" >> "Service Configuration" >> "FTP Server Configuration".
  2. Select "TLS Encryption Support" >> Choose "Optional".

But merely enabling TLS encryption may not help establish secure FTP connections. If there are firewall rules that block the FTP ports, FTPS will not work.

However, opening ports unnecessarily can lead to security issues. At Bobcares, we configure the server firewalls and open only the relevant FTP-related ports so that the FTPS connection can be established properly.


On the FTP client, enable FTP over SSL

For users to connect using FTP over SSL, they are given instructions on how to configure their FTP clients accordingly. For instance:

  1. In CuteFTP, click on File -> Site Manager.
  2. Click “New Site” and enter a name.
  3. Under the General Tab, enter the domain’s IP address, or domain name.
  4. Set the Protocol as “FTP – FTP Transfer Protocol”.
  5. Change Encryption to “Require implicit FTP over TLS”.
  6. Change the Logon type to “Normal,” and then enter the FTP username and password.
  7. Now click “Connect”. Users are prompted to approve or accept the SSL certificate, and a secure connection is then established.

For customers who have trouble connecting to FTP over SSL, we also enable SFTP (secure FTP), which is FTP over SSH and easier to configure on servers.

As additional security measures, Bobcares server experts also disable anonymous logins and uploads, disable weak security ciphers, set maximum connection limits to the FTP server, disable root login and so on.
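A small audit covering both the firewall point and the hardening measures above, added here as an example and not Bobcares' own tooling. It assumes Pure-FTPd directive names (`TLS`, `NoAnonymous`, `TLSCipherSuite`, `PassivePortRange`, ...) and a CSF-style comma-separated port list; the sample configurations are constructed. Once the control channel is encrypted the firewall can no longer read the passive-mode replies to open data ports on demand, so a fixed passive range has to be configured and opened, and a TLS mode of "Optional" (`TLS 1`) still accepts cleartext logins.

```python
# Added example: assumes Pure-FTPd directive names and a CSF-style port list.
WEAK_TOKENS = {"ALL", "LOW", "EXPORT", "EXP", "NULL", "eNULL", "aNULL", "RC4", "DES", "MD5"}

def parse_conf(text):
    """Return {directive: value} from 'Name value' lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def parse_ports(spec):
    """Turn '21,49152:65534' into [(21, 21), (49152, 65534)]."""
    pairs = (p.partition(":") for p in spec.replace(" ", "").split(",") if p)
    return [(int(lo), int(hi or lo)) for lo, _, hi in pairs]

def audit(conf_text, firewall_tcp_in):
    """Return {finding_code: explanation}; an empty dict means every check passed."""
    conf, allowed, out = parse_conf(conf_text), parse_ports(firewall_tcp_in), {}
    opened = lambda lo, hi: any(a <= lo and hi <= b for a, b in allowed)
    tls = conf.get("TLS", "0")
    if tls in ("0", "1"):
        out["tls-not-enforced"] = "cleartext logins are still accepted (TLS %s)" % tls
    elif tls == "2":
        out["data-cleartext"] = "control channel must use TLS, data channel need not"
    if conf.get("NoAnonymous", "no").lower() != "yes":
        out["anonymous"] = "anonymous logins are not disabled"
    # An unset cipher list is treated as unrestricted (assumption of this example).
    if any(t.lstrip("+") in WEAK_TOKENS for t in conf.get("TLSCipherSuite", "ALL").split(":")):
        out["weak-ciphers"] = "cipher string admits weak suites"
    if "MaxClientsNumber" not in conf or "MaxClientsPerIP" not in conf:
        out["no-conn-limit"] = "connection limits are not set"
    if not opened(21, 21):
        out["ctrl-port-blocked"] = "port 21 is closed in the firewall"
    passive = conf.get("PassivePortRange", "").split()
    if len(passive) != 2:
        out["passive-unset"] = "no fixed passive range to write firewall rules for"
    elif not opened(int(passive[0]), int(passive[1])):
        out["passive-blocked"] = "passive range is closed, so FTPS transfers will fail"
    return out

# Constructed sample inputs: a weak and a hardened configuration.
WEAK_CONF = "TLS 1\nTLSCipherSuite ALL\nNoAnonymous no\nPassivePortRange 49152 65534\n"
HARDENED_CONF = ("TLS 3\nTLSCipherSuite HIGH:!aNULL:!MD5\nNoAnonymous yes\n"
                 "MaxClientsNumber 50\nMaxClientsPerIP 8\nPassivePortRange 49152 65534\n")

if __name__ == "__main__":
    print(audit(WEAK_CONF, "21,22,80,443"), audit(HARDENED_CONF, "21,22,80,443,49152:65534"))
```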

We also update and patch the FTP servers with the latest secure version to avoid exploits or hacks. Our Dedicated Support Specialists routinely help server owners ensure seamless web services for their customers.

If you’d like to know how you can better support your users, we’d be happy to talk to you.

 
