Anonymous access via FTP


Anonymous FTP (File Transfer Protocol) access is a convenient way to download publicly shared files without entering user credentials. Logging in to an anonymous FTP service is much easier than logging in to a standard service, as the latter requires you to enter exact credentials (username and password). To log into an anonymous service, the username is standard, and the password can be anything. Unlike regular FTP access through special utilities or a browser, an anonymous user can only download data, not upload it.

Typically, this technology is used on file resources of government agencies, universities and public companies that have large volumes of open information. On most sites, anonymous FTP access is closed, as it is a big security problem, so user identification and authentication are required to use the file resource.

In order to access an anonymous FTP service, the user must simply connect to it. Unlike most identification procedures, no information about the user is transmitted here, and the user remains anonymous. Usually he connects to the FTP resource under the account “anonymous”, but sometimes as “guest”. Occasionally, to enter an anonymous service you will need to enter a random password, which can be your email address. But much more often, entering a password is not required at all (it is left blank), or the server itself generates it for an anonymous account.

As we have already said, a standard FTP service can transfer data in both directions (downloading from and uploading to a file resource), while an anonymous FTP service only allows you to download files or view a list of them. This is for security reasons, since an anonymous user who is unrestricted in his actions can easily upload files with viruses to the server. Along with this restriction, even identified users are very often limited in their rights to ensure that sites are protected from attacks by hackers and malicious activities.

Through anonymous FTP services of government agencies and public organizations, hundreds of public documents related to historical events, economic activities, other statistical reviews, analytical samples and the legal framework can be downloaded. This way you can only download open information. Categorized and classified information will not be distributed in this way, as it can lead to the leakage of state and commercial secrets.

Today, most sites on the Internet disable anonymous access to FTP resources using secure means. In order to download data from them, identification and authentication of users is required. This is due to the fact that site owners protect their safety and performance, and do not want unauthorized persons to have access to valuable information.

Each website on the Internet is stored on a remote disk space, to which you can connect via FTP and manage data at your discretion.

When entering into an agreement with a hosting provider, administrators are provided with a certain disk space and in order to connect to it, they will need authorization data.

As a rule, this is a login and password, and no matter what hosting you use, you should be given access.

On some free website builders, it is impossible to connect to the site via FTP. Therefore it may be convenient to connect to FTP anonymously.

Connect via FTP anonymously

Anonymous access via FTP does not require the user to enter authorization data, but the functionality will be limited. The ability to connect anonymously is not supported on all sites, because this may reduce the safety of the project.

However, on some sites the ability to connect anonymously via FTP is present, and in most cases these are government projects. This is done so that users can download various information, and given the anonymous mode, they will not be able to upload anything.

This is the main limitation, the inability to upload files to disk space.

To connect via FTP anonymously, you must have the site data required to connect. On those platforms where it is available, such information is posted in the public domain.

All that is needed to connect is to indicate the address; a name and login are not required, and when you log in you will be authorized as an anonymous user. Thus, the owner of the disk space will not receive any information about your connection to the site via FTP.

Today, anonymous access technologies via FTP are used quite rarely, because the number of scammers and hackers is increasing, and, despite the restrictions, they can disrupt the stable operation of the site.

FTP server: a computer that contains publicly accessible files and is configured to support the FTP protocol (the FTP server must have software that supports the FTP protocol).

There are currently three types of FTP servers on the Internet:

  1. Internet-style (access to all server files)
  2. Listserver (limited access)
  3. FTPmail (access via email).

FTPmail servers are most interesting for those users who have very limited access to the Internet, that is, they can only use email. You enter several special commands in your letter that the FTPmail server you have chosen must execute. If everything is entered correctly and your letter has arrived as intended, the FTPmail server will start looking for the required file in almost all nooks and crannies of the Internet. If the file is found, it will be sent to you, otherwise you will receive a letter with information that this file does not exist in nature. This is a good thing, of course, but if you have full access to Internet resources, it is of no use to you.

FTP servers are one way to store large amounts of data on the Internet. An FTP server is a kind of file library. To transfer files between FTP servers and the user’s computer, the FTP protocol (File Transfer Protocol) is used.

What is an FTP server for? You can download files posted on numerous FTP servers to your computer. There are thousands of FTP servers on the Internet that provide free anonymous access to gigabytes of a wide variety of information: text documents, software distributions, photographs and music files. You can upload your home pages to free servers that provide space for them. This is much more convenient than using HTTP, when on a special server page you indicate the files that need to be downloaded.

There is also FileZilla Server, a project related to FileZilla Client. This is an FTP server developed by the same organization. It supports FTP, SFTP and FTPS (FTP over SSL/TLS).

Creating and setting up an FTP server using the example of FileZilla Server

Creating your own home FTP server allows you to organize a convenient way to transfer data for local or global network users. To run it at home, you can use free software, for example, FileZilla Server. This program is equipped with all the necessary functionality and is easy to customize.

FileZilla Server is distributed under a free license, so the program distribution package can be freely downloaded from its developer’s website. Before installation, you must specify the port for listening on the administrator interface and determine the method for starting the FTP service. If you leave the default settings, the installer will select a random port and add the FTP service to Windows startup.

Also, before installing FileZilla Server, you must select a method for starting the server when the system boots. By default, the automatic start of the FTP service is activated for all users when they are authorized in the OS.

Once the installation is complete, the program will place its icon in the tray, and when you click on it, the server administration panel will open. In it, first of all, you should confirm the choice of server 127.0.0.1 and the specified port, and also, if necessary, create and enter an administrator password.

You should start setting up FileZilla Server by creating one or more users and allowing them access to certain directories on the computer. To do this, select the “Users” item in the “Edit” menu and click the “Add” button. In the window that appears, you need to enter an arbitrary user name, if desired, placing it in a specific group (you can create it in the “Edit - Groups” menu). After clicking “Ok”, an account with the specified name will be created, after which you can begin setting it up.

By default, a new FileZilla Server user is created without a password. To set it, you should check the “Password” box in “General” and enter it. In the same window, you can set restrictions on the number of connections for the selected user (0 - no restrictions).

In the “Shared folders” tab, you need to add the user’s root directory and select the directories to which he will have access. You can set the selected directory as the root directory by clicking the “Set as home dir” button. Also in this window you can specify the rights for the selected user to the files and directories available to him. For example, checking the “Write” and “Delete” checkboxes in the “Files” category will give the anonymous account rights to write and delete files in the “C:\FTP” directory.

The “Speed Limit” tab is responsible for setting the speed limit for uploading and downloading data for a specific account. These settings can be left unchanged.

In the “IP filter” window, the administrator can deny access to the FTP server from certain IPs or subnets. This may be useful in the future in detecting careless users uploading illegal content to the server or causing inconvenience in other ways.

You can access the general server settings, which apply to all accounts, from the “Edit - Settings” menu. Most parameters, in particular, speed limits, IP blacklist, SSL and Autoban, can initially be left as they are. It is worth paying attention to the “Passive mode settings” item, which allows you to enter the server’s domain name instead of IP. This will be useful if the address is dynamic and changes every time you connect to the network.

A free domain name can be registered, for example, using the DynDNS service.

To enable users to communicate with an FTP server, you need to provide them with its address and account login information. All their actions will be displayed in the main FileZilla window.

File Transfer Protocol (FTP) is a TCP protocol for transferring files between computers. In the past, it was also used to download [files on the Internet], but since this method does not use encryption, user data as well as the contents of files are transmitted in the open and are easily intercepted. So if you are here looking for a way to transfer and download files securely, better refer to the OpenSSH article in the Remote Administration section.

FTP operates on a client/server model. The server component is called the FTP service. It constantly listens for FTP requests from remote clients. When a request is received, it controls the login and connection establishment. During the session, it executes any commands sent by the FTP client.

vsftpd - installing an FTP server

vsftpd is an FTP service available on Ubuntu. It is easy to install, configure and maintain. To install vsftpd you can run the following command:

sudo apt install vsftpd

To start the service you need to add it to startup. Starting from Ubuntu 15.04, Systemd is used, so to add vsftpd to startup you need to enter the following commands:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Ubuntu Server may use the ufw firewall. In that case you will need to allow ports 20 and 21:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp

The configuration file contains many settings options. Information for each parameter is available in the same file. Alternatively, you can consult the system manual page to clarify details for each parameter:

man 5 vsftpd.conf

Access to the FTP server can be organized in two ways:

In anonymous mode, the remote client can access the FTP server by using the default user account named "anonymous" or "ftp" and passing the email address as the password.

In authorized mode, the user must have an account name and password. This last option is extremely unsafe and should not be used except in special circumstances. If you want to transfer files securely, see SFTP in the OpenSSH server section.

User access to directories and files of the FTP server depends on the access rights of the user specified at login. Typically, the FTP service hides the root directory of the FTP server, replacing it with the FTP home directory. This hides the filesystem root from remote sessions.

Setting up anonymous access via FTP

The default setting of vsftpd does not allow anonymous download. If you want to allow anonymous download, change /etc/vsftpd.conf to the following:

anonymous_enable=YES

The installation process creates a user ftp with home directory /srv/ftp. This is the default directory for FTP.

If you wish to change its location to, for example, /srv/files/ftp, simply create a new directory and change the ftp user's home directory:

sudo mkdir /srv/files/ftp
sudo usermod -d /srv/files/ftp ftp

After the changes, restart vsftpd:

Finally, copy all the files and directories you want to make available for anonymous FTP to /srv/files/ftp (or /srv/ftp if you want to leave the default settings).

By default, an anonymous user is not able to upload files to the FTP server. To change this setting, uncomment the following line and restart vsftpd:

anon_upload_enable=YES

Allowing an anonymous user to upload files can be a serious security risk. It is better not to allow anonymous file uploads to servers with direct access from the Internet.

Setting up authorized access via FTP

Before making any changes to the configuration file, it is recommended to copy the sample so that you can roll back the changes without reinstalling the package:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

To authenticate local users, you need to uncomment the line

local_enable=YES

By default, vsftpd is configured to authenticate system users with the ability to retrieve files. If you want to allow users to upload files, change /etc/vsftpd.conf:

write_enable=YES

then restart vsftpd:

sudo service vsftpd restart

Now when system users log in via FTP, they will be taken to their home directories where they can download, upload [files], create directories, etc.

FTP protection

User Restriction

There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example, this option places a local user in a chroot() jail, above which (in the directory tree) he cannot rise.

chroot_local_user=YES

You can also define a list of users who only have access to the home directory:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting these options, create /etc/vsftpd.chroot_list containing a list of users, one per line. Then restart vsftpd:

sudo service vsftpd restart

If you uncommented all three lines, then users on the list will not be limited to their home directories, unlike users not included in the list.

Similarly, the /etc/ftpusers file contains a list of users who are denied FTP access. By default it includes root, daemon, nobody, etc. To deny FTP access to additional users, simply add them to this list.

If you see an error when trying to connect:

Answer: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

then this means that the local user has write access to the home directory, which should not be the case. There are several ways to solve this error:

    Deny writing to the home directory for a local user (not suitable for everyone and not always)

sudo chmod a-w /home/user/

    Allow a writable root directory inside the chroot by setting this option in /etc/vsftpd.conf

allow_writeable_chroot=YES

    Set /home as the directory where local users will go after logging into the FTP server. Then each of them will be able to write only to their home directory

local_root=/home

Encryption

FTP can be encrypted by using FTPS. Unlike SFTP, FTPS is FTP over SSL. SFTP is an FTP-like session over an encrypted SSH connection. The main difference is that SFTP users must have a shell account instead of a nologin shell. Giving all users shell access may not be the best solution for some systems, such as a public web server. However, there is an option to limit such accounts to SFTP only and prevent shell interaction. See the section on OpenSSH for more information.

To configure FTPS, add the following to the end of the /etc/vsftpd.conf file:

ssl_enable=YES

Also note the certificate and key options:

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

By default these options are set to the values provided by the package ssl-cert. For a production environment, they should be replaced with a certificate and key created for a specific computer. For more information, see the Certificates section.

Now restart vsftpd and non-anonymous users will use FTPS:

sudo service vsftpd restart

To allow users with the /usr/sbin/nologin shell to access FTP but not grant shell access, edit /etc/shells to add the nologin shell:

# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin

This is necessary because vsftpd uses PAM authorization by default, and the settings file /etc/pam.d/vsftpd contains:

auth required pam_shells.so

The PAM module pam_shells restricts access to the shells listed in the /etc/shells file.

Most popular FTP clients can be configured to use FTPS. The lftp command line FTP client also has the ability to use FTPS.
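
The vsftpd options covered in the sections above (anonymous access, uploads, chroot and FTPS) interact, so it helps to check them together. The following Python audit is an added example, not part of the original article or of vsftpd; the finding texts and the sample configuration are constructed, and the defaults are those documented in vsftpd.conf(5).

```python
# Added example: audit vsftpd.conf text for the options discussed above.
# DEFAULTS are vsftpd's built-in values as documented in vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "anon_upload_enable": "NO",
            "local_enable": "NO", "write_enable": "NO", "ssl_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO",
            "allow_writeable_chroot": "NO"}

def parse_conf(text):
    """Return {option: value}; comments and blank lines are skipped."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    conf, findings = parse_conf(text), []
    def on(key):
        return conf.get(key, "NO").upper() == "YES"
    for key in conf:
        if key != key.lower():  # vsftpd option names are all lowercase
            findings.append(f"unrecognised option name: {key}")
    if on("anonymous_enable"):
        findings.append("anonymous login enabled")
        # anon_upload_enable only takes effect together with write_enable
        if on("anon_upload_enable") and on("write_enable"):
            findings.append("anonymous upload enabled")
    if on("local_enable") and not on("ssl_enable"):
        findings.append("local logins send passwords in cleartext")
    if on("ssl_enable") and "snakeoil" in conf.get("rsa_cert_file", ""):
        findings.append("FTPS uses the ssl-cert snakeoil certificate")
    if on("allow_writeable_chroot"):
        findings.append("writable chroot root allowed")
    if on("chroot_list_enable"):
        # the list's meaning flips when chroot_local_user is also on
        findings.append("chroot list names users NOT jailed"
                        if on("chroot_local_user")
                        else "chroot list names users jailed")
    elif on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not chrooted")
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
anonymous_enable=YES
anon_upload_enable=YES
write_enable=YES
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""
print("\n".join(audit(SAMPLE)))
```

Note that a file which omits anonymous_enable falls back to the built-in default, which is why the audit starts from DEFAULTS rather than from an empty set.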

You just need to grant access to it to anonymous users.

  1. Open “IIS Services Manager” and go to the ftp site settings.
  2. Go to the “FTP Authentication” section. We switch anonymous access to the Enabled state:
  3. Next, go to the “FTP Authorization Rules” section and create a new rule for anonymous users:

  4. Now you need to configure the IUSR user's access rights to the root folder of the ftp server (inetpub/ftproot by default).
    Open the folder properties and go to the Security tab. To add a new user, click the Add button:

    Enter the username - IUSR and click the "Check names" button. If the user exists, their name will be underlined:

    Click OK and proceed to setting up rights:

    If anonymous users are allowed to read and write, then we give full access.
    If only reading, then we give the rights to “Read” and “List the contents of the folder”.

  5. We confirm the changes and that's all. You can test the connection.
  6. Mandatory requirement when connecting: anonymous username must always be anonymous. Arbitrary names are not allowed. The password can be anything, even empty.
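
To test the connection on a server you administer, the following added Python example (not from the original article) logs in as anonymous and reports whether listing and uploading are permitted, which confirms that the read-only restriction described above is actually in force. The function names and the test file name are assumptions made for this example.

```python
import ftplib
import io

def probe_anonymous(ftp, test_name="anon-write-test.txt"):
    """Log in as 'anonymous' and report what the session may do.

    `ftp` is a connected ftplib.FTP (or FTP_TLS) object; `test_name`
    is a hypothetical file name used for the upload attempt.
    """
    result = {"login": False, "list": False, "upload": False}
    try:
        ftp.login()            # ftplib defaults to user 'anonymous'
    except ftplib.error_perm:  # 5xx reply: anonymous access is disabled
        return result
    result["login"] = True
    try:
        ftp.retrlines("LIST", lambda line: None)
        result["list"] = True
    except ftplib.error_perm:
        pass
    try:
        ftp.storbinary(f"STOR {test_name}", io.BytesIO(b"probe\n"))
        result["upload"] = True
        ftp.delete(test_name)  # clean up if the server allowed the write
    except ftplib.error_perm:
        pass
    return result

def verdict(result):
    """Turn the probe result into a one-line summary."""
    if not result["login"]:
        return "anonymous access disabled"
    if result["upload"]:
        return "anonymous upload allowed: review write permissions"
    return "anonymous read-only"

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <address of your own FTP server>
    with ftplib.FTP(sys.argv[1], timeout=10) as conn:
        print(verdict(probe_anonymous(conn)))
```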





