Anonymous FTP

From DreamHost
Jump to: navigation, search

What is Anonymous FTP Service?

It's a specific type of FTP account that does not require a unique username & password to log in. All users can log in using the username "anonymous" and typically will use their e-mail address as the password. Some anonymous FTP services will allow the password field to be left blank (as ours does).

Regular FTP accounts require a specific username & password to log in. FTP users also cannot go into other users' home directories to view, upload, download, rename or delete files.

Anonymous FTP services can be very helpful if you have many different customers wanting to upload or download files to/from your server but you may not want to create a separate FTP user account for them.

Setting Up an Anonymous FTP Service

  • In the control panel go to (DOMAINS > ANONYMOUS FTP).
  • Select the domain that you want to add the anonymous FTP service under from the drop-down menu.
  • Click on the "Continue" button.
  • Select which FTP/shell user account you want it hosted under from the drop-down menu.
  • Select the directory name where the anonymous FTP service files will be hosted.
  • Select the maximum amount of disk space that will be allowed for this service. I would recommend NOT leaving it at the maximum!
  • A unique IP address is required for the anonymous FTP service. If you have not already assigned a unique IP address to this domain you will be prompted as to how you would like to pay for it (monthly or yearly). Select your preference from the drop-down menu.
  • Click on the "Add Anonymous FTP service now!" button to continue.
  • Please read carefully the information presented on the "Success" screen that follows!
  • You can view/modify the configuration by clicking on the "Edit" link for that particular anonymous FTP service. Changes take some time to be pushed out to the live servers!
  • I would recommend modifying the default configuration immediately!

Directory Permissions

Each directory will have a specific set of permissions applied to it to restrict what users can do within that directory.

The permissions and their meanings are as follows;

  • "RETR" users can download files
  • "LIST" users can view the directories contents
  • "CD" users can change directories
  • "STOR" users can upload files
  • "DELETE" users can delete files
  • "RENAME" users can rename files

It's very important to set up the permissions correctly or you could inadvertently allow your anonymous FTP service to become abused by hackers, warez distributors or other evil doers!

You see what they do when they find a new anonymous FTP service is they test it for vulnerabilities. They try to upload a file then download it again (the default configuration does allow that). If they can do that successfully then they will upload all of their illegal files to your site and give out the address of your anonymous FTP service to everyone. Now you end up paying the bandwidth transfer charges! If not caught quickly these charges could be quite substantial! So it's up to you to change it to protect yourself.

Here's the basic configuration I would recommend. Of course you can modify it to suite your needs later, but this will keep you safe.

Anon-ftp-perm-example-01.png

This configuration allows users to "RETR" download files that are placed into the /(root) directory but can only "STOR" upload files into the /incoming directory. Since they cannot download files uploaded into the /incoming directory - you're safe! However, this may not meet you needs exactly. I would recommend experimenting with the configuration until you find one that works best for your needs. If you need assistance setting this up please contact the technical support team for their recommendations.

Usage

Although you have (hopefully) restricted the usage for your directories (for users that log in anonymously) you can still manage all of the files using the FTP/shell user account where the anonymous FTP services is hosted!

For example, if you have a "upload" (or "incoming") directory that only allows uploads (as we recommend) then users can upload files to that directory when logged as user "anonymous". You can view/download/delete/move these files when logged in as the FTP/shell user account that is hosting the service. If you want to make a file that was uploaded available for others to download (from your dedicated "download" directory) you can move the file from the "incoming" directory to the "download" directory using your FTP client (provided it supports the "move" feature (FileZilla supports this with drop & drag simplicity!)).

NOTE: Although you can manage files using your FTP client when logged in as the FTP/shell user that is hosting your anonymous FTP service DO NOT MAKE, DELETE OR RENAME DIRECTORIES! Those functions should ONLY be done through our control panel interface and the directives set properly (or they may not be enforced at all)!

See also