FTP access disabled for main cPanel admin accounts

[James]

We are currently in the process of disabling the default FTP login access (cpanel master user ) on all our cPanel Shared Hosting Servers. If you have a Linux cPanel Shared Hosting Account with us, you will need to login in your cpanel control panel and create a new FTP account from "FTP Manager section". In order to access your account via FTP, you will need to use this new FTP user login from now onwards. The master cPanel login username will no longer work for FTP access.

We had to take this step as many of our customers had their websites defaced with iFrame Injections on their websites. Customers who save their FTP login credentials in FTP softwares like WS_FTP_Pro, FileZilla, Cute-FTP, Dreamweaver or Frontpage are prone to such FTP iFrame Injections. Your login credentials are broadcasted to the hackers once a Windows Virus gets installed on your computer. You are exposed to same threat even if you have a Dedicated Server or Virtual Private Server or a Semi-Dedicated Server with us or any other hosting company. Resellers should notify their customers about this problem and ask them to avoid saving login credentials in Browser or FTP Softwares. The easiest way to save your login credentials would be to save them in a text document without saving the Domain name or Login Host information in the same text document. To be absolutely sure your FTP account won’t get compromised, we highly recommend you choose a strong password which contains a combination of upper and lower case letters, numbers and special characters such as #^&*$?£;: while adding a new FTP login name from your cpanel control panel. Webmasters, who manage multiple websites may not like this change, but losing your data and then losing your rankings in Search Engines will create more trouble.

There is no need to change your cpanel login password as FTP access has been disabled for the master cpanel login username only. Please donot attempt to use your existing cpanel master username for FTP as multiple failed login attempts will block your local IP on the server resulting in no access to your website from your computer.

[MrTWS]

Hi James - would this produce an error when logging into Plesk like below?
Secure Connection Failed

92.48.98.14:8443 uses an invalid security certificate.
The certificate expired on 22/04/2009 11:19 AM.
(Error code: sec_error_expired_certificate)

I'm using Firefox 3.09

[Harry]

Quote:

Originally Posted by MrTWS

Hi James - would this produce an error when logging into Plesk like below?
Secure Connection Failed

92.48.98.14:8443 uses an invalid security certificate.
The certificate expired on 22/04/2009 11:19 AM.
(Error code: sec_error_expired_certificate)

I'm using Firefox 3.09

Above error message has nothing to do with update we have made on our cpanel shared server as your account is hosted on Windows server

[MrTWS]

I appreciate that - can Web Hosting UK examine to see if their certificate is current or was this a glitch? as it still says the same today

[sysadmin]

Quote:

Originally Posted by MrTWS

I appreciate that - can Web Hosting UK examine to see if their certificate is current or was this a glitch? as it still says the same today

Certificate renewed, please give a try on accessing the control panel now you might want to add an exception when browsing the new certificate for the first time..

[Dan]

Quote:

Originally Posted by James

We have turned off default FTP access for main cPanel admin accounts on all our shared web hosting servers because a sustained FTP brute force attack was targeting our shared servers. During security audit our Admins have noticed that number of malicious scripts were uploaded via FTP on the server using legit cPanel login details and the account owners were not even aware of such incidence.

Usually customers using weak FTP passwords are more susceptible to such attacks. We can change the FTP port but its not going to solve the problem. We strictly recommend all our clients to use strong FTP passwords. A strong password comprises of upper case, lower case, numeric and special characters. You should use the combination of these characters to build strong passwords for your FTP accounts.

There is no need to change your cpanel login password as FTP access has been disabled for the master cPanel login username.

Thanks for the info James

[James]

You're welcome Dan.

[MrTWS]

Quote:

Originally Posted by sysadmin

Certificate renewed, please give a try on accessing the control panel now you might want to add an exception when browsing the new certificate for the first time..

PM sent to you

[sysadmin]

Quote:

Originally Posted by MrTWS

PM sent to you

Replied

[a1review]

Hi

Is there any time frame when FTP might be enabled?

Regards

Simon

Quote:

Originally Posted by James

We have turned off default FTP access for main cPanel admin accounts on all our shared servers because a sustained FTP brute force attack was targeting our shared servers. During security audit our Admins have noticed that number of malicious scripts were uploaded via FTP on the server using legit cPanel login details and the account owners were not even aware of such incidence.

[James]

Hello Simon,

FTP access has been permanently disabled for main cPanel admin accounts. We are not going to enable it on any of our shared/reseller servers.

[sysadmin]

Quote:

Originally Posted by a1review

Hi

Is there any time frame when FTP might be enabled?

Regards

Simon

As stated by James, the default/main FTP accounts have been disabled on the server permanently, but you can login to your cPanel account & create additional FTP accounts to perform the same file/folder operations.

[a1review]

Thanks for letting me know

[James]

You're welcome.

[jon123]

I know heart internet suffered the same problem recently, they reset all the passwords and emailed the new passwords out which caused a few problems as you can guess, especially with clients who had many domains