The anonymous FTP feature in cPanel could pose serious security threats. File transfer protocol ( FTP) is a system whereby files are transferred between computers on a network. The use of FTP is not limited to just transfer of files between an account and desktop computer. It also extends to access over online software archives. Another implementation of FTP is anonymous FTP which is a process by which files can be downloaded from a website for which the user has no official password.By using the word anonymous the user can access the site’s data of public sections. The user merely mentions anonymous in place of the email address and password. However this arrangement does not allow users access over non-public sections, the users cannot upload files as well.
CPanel is a crucial software for managing a website without hassles. CPanel hosting not only provides an easy visual interface or easy access to install it, it also takes care of the entire websites backup, manages cron jobs, protects web directories, configures spam filters and HTTP redirects. While the main advantage of FTP is fast access to public archives it has a few drawbacks as well. In case of anonymous FTP, there is little or no control over policing who accesses the server and how often. Downloading popular files creates a load on the server which is why small capital organizations have opted for alternatives like BitTorrent to distribute large files. The anonymous read access is comparatively less risky it leads to primary security risks on CPanel like misconfiguration: which is unauthorized access to a file that should not be public second is the vulnerability at the IIS code level which can be exploited.Enabling anonymous write access is subjected to more risks. If people upload files online which are randomly readable the sites then are liable to get risked under software piracy or Warez- like acts of Phishing, malpractices being committed with misappropriation of credit card details by web criminals. However enabling right access under FTP root while access to a particular directory remains more under the security cover. Enabling write access to a special directory should be created which is writable by anyone but not readable by anonymous users.Another risk of using anonymous FTP on CPanel is disk space- allowing people to upload files on the site often curtails disc space which further creates a problem in accessing the site via FTP, front page and leads to hassles in uploading and modifying files.
Anonymous FTP based file transfers are exposed to high risk of online duplicity and sensitive data getting exposed. Proper access control and installation of Firewall becomes necessary in case of such risk in digital operation.