FTP offers a convenient method to automate the transfer of files and directories from a remote computer to the dedicated server and vice versa. It is vital that the Unix chroot feature is implemented for each ftp user so that the home directory of each user becomes the root directory. This makes it impossible for one user to access another user's directories even though they are all organized under /home. You need to make sure that the login user can never launch any executables, whether scripts or programs, from any restricted directories (/bin, /sbin, /usr/local/bin, etc.).

If anonymous login is unavoidable, make sure that there are limits on ftp transfer activities (read only, no write access to the anonymous directory, daily bandwidth limit, etc.) to minimize the chance of a major denial-of-service attack. If there are suspected unauthorized activities recorded in the server log (excessive transfers, repeated attempts of illegal operations, etc. from the same IP address), the firewall should ban the IP address from accessing the dedicated server.
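The log review described above can be automated. The following is an added example, not part of the original guide: it assumes vsftpd's native log format (xferlog_std_format=NO), and the sample lines, the thresholds and the function name `suspicious_ips` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in vsftpd's native log format (assumed:
# xferlog_std_format=NO); addresses come from documentation ranges.
SAMPLE_LOG = """\
Mon Jan  6 10:15:01 2025 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  6 10:15:03 2025 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Jan  6 10:15:06 2025 [pid 4103] [test] FAIL LOGIN: Client "::ffff:203.0.113.7"
Mon Jan  6 10:20:11 2025 [pid 4110] [ftp] OK DOWNLOAD: Client "198.51.100.9", "/pub/image.iso", 300000000 bytes, 950.12Kbyte/sec
Mon Jan  6 10:31:40 2025 [pid 4111] [ftp] OK DOWNLOAD: Client "198.51.100.9", "/pub/image.iso", 300000000 bytes, 948.77Kbyte/sec
Mon Jan  6 10:40:02 2025 [pid 4120] [alice] OK LOGIN: Client "192.0.2.10"
Mon Jan  6 10:40:09 2025 [pid 4121] [ftp] FAIL UPLOAD: Client "192.0.2.10", "/pub/x.txt", 0.00Kbyte/sec
Mon Jan  6 10:41:15 2025 [pid 4121] [alice] OK DOWNLOAD: Client "192.0.2.10", "/site/index.html", 2048 bytes, 120.00Kbyte/sec
"""

LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<status>OK|FAIL) (?P<op>[A-Z]+): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]*)", (?P<bytes>\d+) bytes)?'
)

MAX_FAILURES = 3          # hypothetical threshold: failed operations per IP
MAX_BYTES = 500_000_000   # hypothetical threshold: bytes downloaded per IP

def suspicious_ips(log_text, max_failures=MAX_FAILURES, max_bytes=MAX_BYTES):
    """Return {ip: [reasons]} for addresses that exceed either threshold."""
    failures = defaultdict(int)
    downloaded = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip = m["ip"].removeprefix("::ffff:")  # normalise IPv4-mapped form
        if m["status"] == "FAIL":
            failures[ip] += 1
        elif m["op"] == "DOWNLOAD" and m["bytes"]:
            downloaded[ip] += int(m["bytes"])
    report = defaultdict(list)
    for ip, n in failures.items():
        if n >= max_failures:
            report[ip].append(f"{n} failed operations")
    for ip, total in downloaded.items():
        if total > max_bytes:
            report[ip].append(f"{total} bytes downloaded")
    return dict(report)

if __name__ == "__main__":
    for ip, reasons in sorted(suspicious_ips(SAMPLE_LOG).items()):
        print(f"{ip}: {'; '.join(reasons)}")
```

The addresses it returns are candidates for the firewall ban; review them against known legitimate clients before blocking.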

This section of the condensed guide explains the following topics in detail.

  • Choose your favorite ftp client.

  • Transfer your website directories.

  • Use soft links to remove duplicates.

  • Disable anonymous access.

  • Allow ftp access only for a specific list of users.

  • Set up anonymous as nobody and password with very restricted access.

  • Typical setup parameters for secure vsftpd deployment.

  • Start and stop the ftp service.