[Security] FTP over SSL
Monday, July 6th, 2009 - Security
Due to an increase number of FTP hacks on our servers and through reading thoughts from others in the webhosting industry, we may disable FTP unencrypted logins. This is accomplished by only allowing FTP over TLS, which encrypts the login information as it is sent across the wire from your computer to the server.
Currently you are allowed to use FTP over TLS, you just must enable it in your FTP program. This proposed change would require you to use FTP over TLS in order to log in via FTP. I will work on making a tutorial guide that shows how to do this and will make that available before this change is made to our servers.
If you want to take a look at your current FTP program and try to figure this out, look for an option called FTP over explicit TLS, FTPeS, or it may just be FTPS.
There are two types of FTP over TLS. FTP over implicit TLS and FTP over explicit TLS. FTP over implicit TLS is a dated standard and really isn’t used much any more. For this to work on our servers, you must use FTP over explicit TLS, but if you are using a newer FTP program, it may not have the option for FTP over implicit TLS and therefore may just list FTPS as an option.
Steven