Question: Is it safe to setup anonymous FTP services for my website visitors?
Answer: Anonymous FTP can be a useful feature when used correctly. If you are moving a lot of files, especially if you have some type of software or game repository, anonymous FTP may be a practical and easy solution.
Anytime you give users one more way to access your server, however, you open up new possibilities for security breaches. Your web server, most likely uses port 80 for HTTP and port 443 for HTTPS. By providing anonymous FTP access, you are adding port 21 into the mix. Here are a few things you can do to make sure it is secure:
1. Check to make sure the SITE EXEC command is disabled
2. Make sure you have chrooted your users so that they cannot access other directories.
3. Make sure that the files are not writable by the users. If you need users to upload files, only their own chrooted directory should be writable.
4. Make sure no files or directories are owned by “ftp” or whatever user your FTP server runs as.
Be vigilant and plan carefully, and you should be able to have a safe and secure anonymous FTP server.