We have seen another wave of FTP type attacks on a number of sites. These can easily be avoided by following our guide here:
http://support.34sp.com/KB/a185/how-do-i-protect-my-vps-against-ftp-hacks.aspx?KBSearchID=32853
The addition of a file called .ftpaccess can protect your site from FTP based attacks even if you forget to lock FTP.
We recommend all customers (Personal, Professional and Business) use the provided FTP lock. This can be found by logging in to https://www.34sp.com/login
We recommend all customers on all account types take advantage of the .ftpaccess file.
All you need to do is create a file called .ftpaccess and place it in the folder you wish to protect and set IP addresses that are trusted.
<Limit ALL>
DenyALL
Allow 127.0.0.1
Allow 1.2.3.4
</Limit>
One easy way to secure is create the .ftpaccess file as below:
<Limit ALL>
DenyALL
</Limit>
Then simply enable and disable FTP by logging into siteadmin and renaming the file. This acts like a lock and is handy if you do not have a static IP address.
Friday, September 24, 2010 2:14 PM