When it comes to hosting, one of the most important things to consider is security. I tend to err on the side of caution. So in an attempt to further the security of my hosting environment I added FTP to the Host Access Control in cPanel. Most of my clients do not use FTP and the ones that do have static IP addresses, so why leave it on for everyone else?
Because Host Access Rules are executed in order my plan was to allow FTP for the static IPs that needed it and deny FTP for all others. It looked something like this (where 8.8.8.8 is my client’s static IP):
A quick test from any other IP address should have resulted in a connection failure. However, much to my surprise, even with the following rules in place, I was still able to FTP from anywhere.
Some quick Google searching provided the answer. Host Access Rules do not apply to PureFTPd server, which is the cPanel default. You must be using ProFTPd for this to work. This can be changed under the FTP Server Selection section of WHM the following advantage and disadvantage list can be seen:
Be sure to consider the advantages and disadvantages of the two options before making this change. If you have a lot of clients who use FTP, you may want to stick with PureFTPd for the brute force protection. If you can get more granular with your security and configurations, then ProFTPd may be the choice for. In any case, this can easily be switched in WHM.
Have questions about this procedure? Put them in the comments below. I love hearing from my readers.
Need a high-quality cPanel/WHM host? We give WiredTree raving reviews!
- Integrate Sendy with WHMCS Billing for less than a Latte - April 25, 2021
- Can I Really Make Money With Web Hosting? - July 5, 2016
- Can Independent Web Hosts Be Competitive? Here Are 3 Proven Ways - July 1, 2016