I'm Floris. And that's all there is to it really.
19 May '12
Stop using FTP, SFTP all the way
Yet again I had a chat with a friend about their web site, and I offered the suggestion to consider using SFTP and to uninstall their FTP daemon. They are on a dedicated server and have full control over it. Why not increase security?
Okay, let me explain a little, and hopefully I can convince you to look into your hosting and consider these steps.
Sure, there's nothing wrong with using plain FTP, but please realize that just having a password on your FTP account doesn't mean it's that safe. For example, it may be easy to brute-force the FTP login if there is no anti-brute-force service running on the box. Also, since content is transmitted in plain text, a malicious user could sniff the traffic (especially over Wi-Fi).
The 's' in SFTP stands for secure: basically, it means that the connection between the client and server is protected by an encryption protocol. That takes away the traffic-sniffing element; all a man in the middle gets is garbled text.
Uninstalling the FTP daemon also means one less process running on the server, and one less program that might potentially get exploited.
If you can SSH to your server, you can SFTP into it as well. That's my recommendation.
Additionally, if you do decide to keep using FTP, I strongly recommend changing its default port from 21 to something else. And of course, change your SSH port to something other than the default of 22.
Of course, make sure your FTP client supports SFTP (such as Transmit from panic.com, the Mac client that I use).
Note: Users on a shared hosting solution might not always be able to do this, which is why I recommend considering hosting your site on a VPS or better.
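As an added example (not part of the original post), here is a small POSIX shell audit that checks a server against the three recommendations above: nothing listening on port 21, the SSH sftp subsystem enabled, and sshd moved off port 22. The sshd_config fragments and `ss -tln` listings it runs on are constructed samples; on a real Linux box you would pass it the contents of /etc/ssh/sshd_config and the output of `ss -tln` (both names assumed here).

```shell
#!/bin/sh
# Added audit helper (not from the original post): check an sshd_config text and
# an `ss -tln` listing for the post's advice: no FTP daemon on port 21,
# SFTP available over SSH, and SSH not left on the default port 22.

# Return 0 when an active (uncommented) "Subsystem sftp ..." line is present.
sshd_sftp_enabled() {
  printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]'
}

# Print the configured SSH port; OpenSSH defaults to 22 when no Port line is set.
sshd_port() {
  p=$(printf '%s\n' "$1" | awk 'tolower($1)=="port"{print $2; exit}')
  printf '%s\n' "${p:-22}"
}

# Return 0 when a LISTEN socket on TCP port 21 appears in `ss -tln` output.
ftp_listener_present() {
  printf '%s\n' "$1" | awk '$1=="LISTEN" && $4 ~ /:21$/ {found=1} END{exit !found}'
}

# Print PASS/FAIL for each check; return 0 only when all three pass.
audit_server() {
  cfg=$1; listing=$2; rc=0
  if ftp_listener_present "$listing"; then echo "FAIL: something listens on port 21 (FTP)"; rc=1
  else echo "PASS: no FTP listener on port 21"; fi
  if sshd_sftp_enabled "$cfg"; then echo "PASS: sshd offers the sftp subsystem"
  else echo "FAIL: no active 'Subsystem sftp' line in sshd_config"; rc=1; fi
  if [ "$(sshd_port "$cfg")" = "22" ]; then echo "FAIL: sshd still on default port 22"; rc=1
  else echo "PASS: sshd moved to port $(sshd_port "$cfg")"; fi
  return $rc
}

# Constructed samples (no real server): a weak box and one following the post.
CFG_WEAK='Port 22
#Subsystem sftp /usr/lib/openssh/sftp-server'
SS_WEAK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:21          0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'
CFG_HARDENED='Port 2222
Subsystem sftp internal-sftp'
SS_HARDENED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2222        0.0.0.0:*'

echo "== weak server =="
audit_server "$CFG_WEAK" "$SS_WEAK" || echo "-> needs work"
echo "== hardened server =="
audit_server "$CFG_HARDENED" "$SS_HARDENED" && echo "-> all good"
```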