FTP generally only transfers files in the clear - without encryption. This includes your passwords! It is also an easy target for even the most unsophisticated criminals. Their attack scripts don’t need to figure out how to establish an encrypted session as a first step, which is complex. As a result, our servers are under constant bombardment. At any given moment, there are typically 100 or more criminals attached to each server pumping out user name and password combinations trying to break in. It’s a big waste of resources and is sometimes so severe that it takes down the FTP service.
All good web site editing software supports SFTP as well as plain FTP. You will find that switching is not a big burden. CPanel documentation on configuring SFTP client software:
https://docs.cpanel.net/knowledge-base/ftp/how-to-configure-your-sftp-client/
Consider using client key login instead of passwords! It is faster and more secure. We are considering requiring this instead of password authentication. This would go a long way toward eliminating the problem of criminals constantly attached and pumping out login attempts.
Wednesday, March 22, 2023
