Setting up Anonymous FTP
- Navigate to the Anonymous FTP page.
- Select your domain from the dropdown menu.
- Click the Continue button.
If your user has Enhanced User Security enabled, clicking the Continue button throws an error. You must disable it for your user before you continue with this configuration.
- The Configuring Anonymous FTP screen opens:
- Enter the following information:
- Location on server: Select which user account you want it hosted under and the directory name where the anonymous FTP service files will be hosted.
- Restrict Uploads To: Select the maximum amount of disk space that will be allowed for this service.
- Unique IP: You must purchase a Unique IP for this domain to use this service.
- Click the Add Anonymous FTP Now! button to continue.
- A Success message appears after you successfully add Anonymous FTP:
- Read carefully the information presented on the "Success" screen.
To the right of your Anonymous FTP service, click the Edit button under the ‘Actions’ column.
Each directory has a specific set of permissions applied to it to restrict what users can do within that directory. The definition for each permission are as following:
- RETR – download files
- LIST – view the directories contents
- CD – change directories
- STOR – upload files
- DELETE – delete files
- RENAME – rename files
It's very important to set up the permissions correctly or you could inadvertently allow your anonymous FTP service to become abused by hackers. If a new Anonymous FTP service is exposed, hackers can test it for vulnerabilities by attempting to upload a file and then download it again (the default configuration does allow that). If successful, hackers can upload all of their illegal files to your site and give out the address of your anonymous FTP service to anyone.
The screenshot above shows a basic configuration in order to prevent an attempt to maliciously use the anonymous FTP service. Of course, you can modify it to meet your needs later, but this is an example on how to keep it safe.
This configuration allows users to "RETR" download files that are placed into the /(root) directory but can only "STOR" upload files into the /incoming directory. Since they cannot download files uploaded into the /incoming directory, you're safe. However, this may not meet your requirements . You should experiment with the configuration until you find one that works best for your needs.