Simple security for file upload – Enabling FTPS (FTP over SSL/TLS) in cPanel/WHM servers
FTP is a commonly used service by web users to transfer files, but it is inherently not secure. Stealing FTP login details is one of the most common ways by which websites are hacked.
It is easy for a hacker to sniff login details from an insecure network. In our role as Outsourced Tech Support services for web hosting companies, securing FTP server is a major task that we perform.
Using FTP over SSL will blunt a significant percentage of hacking attacks. Here’s how we protect the FTP sessions of our cPanel customers.
[ You don’t have to lose your sleep to keep your customers happy. Our Hosting Support Specialists cover your servers and support your customers 24/7 at just $9.99/hour. ]
What is FTP over SSL? How does it help?
As FTP by default do not provide encrypted data transfer, it is prone to many types of attacks such as port stealing, brute force, packet sniffing and so on. To encrypt the FTP connections, we configure FTP over SSL.
FTPS (FTP over SSL) means securing a FTP connection using SSL. The connection is authenticated using a username, password and SSL certificate. Both the control and data connections are encrypted using FTPS.
When connecting to the FTPS server, the FTPS client will first check if the server’s certificate is trusted. If the certificate is valid, the client would initiate a secure connection to the server and transmit data over it securely.
[ Running a hosting business doesn’t have to be hard, or costly. Get world class Hosting Support Specialists at $9.99/hour (get bulk discounts) ]
Enable FTP over SSL from WHM
In cPanel/WHM servers, enabling FTP over SSL can be done from the WHM interface:
Go to "Main" >> "Service Configuration" >> "FTP Server Configuration" Select "TLS Encryption Support" >> Choose "Optional"
But merely enabling TLS encryption may not help establish secure FTP connections. If there are firewall rules that block the FTP ports, FTPS will not work.
But unnecessarily opening unwanted ports can lead to security issues. At Bobcares, we configure the server firewalls and open the relevant FTP related ports for the FTPS connection to be established properly.
[ Use your time to build your business. We’ll take care of your customers. Hire Our Hosting Support Specialists at $9.99/hr. ]
On the FTP client, enable FTP over SSL
For users to connect using FTP over SSL, they are given instructions on how to configure their FTP clients accordingly. For instance,
- In CuteFTP, click on File -> Site Manager.
- Click “New Site” and enter a name.
- Under the General Tab, enter the domain’s IP address, or domain name.
- Set the Protocol as “FTP – FTP Transfer Protocol”.
- Change Encryption to “Require implicit FTP over TLS”.
- Change the Logon type to “Normal,” and then enter the FTP username and password.
- Now “Connect”. Users would be prompted to approve or accept the SSL certificate and secure connection would be established.
For customers who have trouble connecting to FTP over SSL, we also enable SFTP (secure FTP), which is FTP over SSH and easier to configure in servers.
As additional security measures, Bobcares server experts also disable Anonymous logins and uploads, disable weak security ciphers, set maximum connection limits to the FTP server, disable root login and so on.
We also update and patch the FTP servers with the latest secure version to avoid exploits or hacks. Our Dedicated Support Specialists routinely help server owners ensure seamless web services for their customers.
Bobcares provides Outsourced Web Hosting Support and Outsourced Server Management for online businesses. Our services include 24/7 server support, help desk support, live chat support and phone support.