how do i disable Anonymous FTP Access

[Linulex]

Hello,

In plesk 8.6 and 9.5 i could hide the Anonymous FTP button. Even an admin on a dedicated server couldnt use it then unless he had the knowledge on how to configure the plesk interface and someone with that knowledge is usualy smart enough to never turn on Anonymous FTP.

Is there a way in plesk 11 to turn off/hide/disallow Anonymous FTP? I dont want that ever used, not even by admin users.

Its an open invitation to hackers to setup a warez repositry on the server. Even if you fix it soon, being a warez download point even for a few hours is enough to have your ip adres on a zilion blacklists.

regards
Jan

 

[IgorG]

Just use Users role - http://download1.parallels.com/Plesk/PP11/11.0/Doc/en-US/online/plesk-administrator-guide/65704.htm

Configure anonymous FTP service. Set up a directory accessible to all Internet users over FTP without authorization.

 

[Linulex]

thank you for that non-answer. Please read the question before you answer. This is a guide on how to enable it.

i DONT want anonymous ftp, i want it out there, non-existend. i want the anonymous ftp tab gone from plesk for everyone including admin, i want to hide it, disable it whatever, so that no one even can enable it, not even the admin user on a dedicated server.

anonymous ftp on a shared server is a crime and whoever sets that up will be arrested by the security police.

regards
Jan

 

[Faris Raouf]

Igor was point you to a page where there is a note about modifying roles -- you can remove anon FTP configuration for an individual user that way.
Or you can change the option in your Subscriptions to prevent it being accessible at all to any user on any subscription.

As for removing it totally, server-wide, gone, kaput, even for the server admin -- hmmm...I don't know of a way to do that. But realistically, the server admin is going to have SSH access so anon FTP is the least of your worries?

Similarly, if the server admin doesn't have ssh access but has admin access to Plesk, their ability to enable anon FTP is again maybe the least of your worries.

But I *DO* understand the principle of what you want to do. You want a locked-down custom Plesk config, right? I don't think this is currently possible. Why not add it at http://plesk.uservoice.com ? Many of the ideas there have already been implemented. It is a great way for users to give feedback feedback and requests.

 

[Linulex]

As for removing it totally, server-wide, gone, kaput, even for the server admin -- hmmm...I don't know of a way to do that. But realistically, the server admin is going to have SSH access so anon FTP is the least of your worries?

I am not worried about server admins, i am more worried about there webdesign people that think security is a far away land where server admins go on holiday because they here them talk about it at times.
I might be stupid but what has ssh login to do with anonymous ftp? there is an absolute difference between an ssh login that requires a password or key pair and an anonymous ftp that can be used and mis-used by everyone from my mother in law till the russian scriptkiddie.

But I *DO* understand the principle of what you want to do. You want a locked-down custom Plesk config, right? I don't think this is currently possible. Why not add it at http://plesk.uservoice.com ? Many of the ideas there have already been implemented. It is a great way for users to give feedback feedback and requests.

Having to put in a user request to implement a simple security rule like this is wrong on so many levels and so typical for the way plesk handles security these days.

I know what Igor answered, a but i also know what my original question was, i can even now still read it on this very page and it clearly asks about the admin user, not for specific users.

regards
Jan

 

[Sergey L]

Yes, you can hide Anonymous FTP even from Plesk Admin if they are in Power User:
1. Go Tools & Settings > Custom View Settings > Hosting Settings.
2. Off "Anonymous FTP management" - Actually it is off by default, but it has so much other stuff off, that you might want to review these settings and enable some "on" back.
3. Then go 'Interface management" and choose "Power User" + "Custom View"

I saw in your other threads, that Power User isn't fitting your needs, so that makes a point for me to make the custom view applicable to "Service Provider" view as well - but not available yet.

Overall there is a target to remake UI towards plain and simple (but extendable). Modality (Power User vs Service Provider) will be gone and optional items (Resellers, Customers, Service Plans) will not be shown to those who don't need them.

 

[Linulex]

I saw in your other threads, that Power User isn't fitting your needs, so that makes a point for me to make the custom view applicable to "Service Provider" view as well - but not available yet.

Thanks for that answer. That is good news. custom view in provider mode would be welcome and even more welcome if it was like plesk 8.6: the ability to have different interface templates for different clients/resellers, etc... I used it to hide buttons like "crontab" for hosting accounts that didnt have it included. We even have a template on a server with only a few buttons for ppl that have domain registration with dns management. only domain administrator and the dns button is visible there while for other clients on he same server a lot more is visible.

Overall there is a target to remake UI towards plain and simple (but extendable). Modality (Power User vs Service Provider) will be gone and optional items (Resellers, Customers, Service Plans) will not be shown to those who don't need them.

A remake of the UI would be welcome. Is there an estimated eta on that? plesk 12, 13, 14? i might skip a few versions then when its not all to long in the future.

regards
Jan