Last night, before I went to bed I noticed that there was a connection to my FTP server open. I know it was open because I use this really great Open Source FTP server software that puts an icon in the system tray. When there is an open connection the color changes in the icon. The only thing is, my FTP server isn’t advertised and I am the only one that should be using it. What’s that smell? Mmmmm, it smells like an attack!
I was just finishing up an install that required a reboot so I decided to just shut the server down for the night. They can’t get in if the server is not online.
This morning, when I booted it up, I immediately checked the FTP server logs, and sure enough from about 6:00pm until midnight before I shut it down someone was trying to access my server using different user names. They were trying all of the common ones, administrator, admin, anonymous, guest, user and so forth. Each attempt was thwarted though by this incredible server software.
The problem with regular FTP is that it is 100% unsecured. If you take a packet sniffer like Wireshark and run it while accessing a regular FTP server, you will notice that your username and password are both being sent across the wire in plain text. Anybody with a little bit of know how can use a packet sniffer, and pick up your username and password, then use that to access your server, or maybe other systems on your network.
The server software I use is Filezilla, and it offers connections using FTPS, where S stands for Secure. It uses self signed SSL certificates (up to 4096 bits) to secure the connection and the data transfer. You can even require that all users use the secure connection (Which is what I did, and is why the bad hackers couldn’t get in).
If you’re looking for an FTP solution, I highly recommend FilesZilla! It literally saved my server :-)