Most of the FTP-visible hosts are in the US (1.2 million). China (866,000), Germany (467,000), Hong Kong (415,000), Japan (366,000), and France (343,000) also house significant numbers of such systems.

Some of the largest hosting and broadband providers worldwide account for the most FTP hosts, including China Unicom’s CHINA169 (405,000), Alibaba (227,000), OVH (177,000), Hetzner (138,000), KDDI Web Communications (127,000), and GoDaddy (126,000).

Censys’ analysis of the FTP hosts revealed that Pure-FTPd is the most commonly running server, accounting for roughly 1.99 million services. It is followed by ProFTPD with 812,000 services and vsftpd (the standard FTP daemon in most Linux distributions) with 379,000 services.

Microsoft’s legacy web and FTP server platform, IIS (Internet Information Services), accounts for 259,000 services. All Windows Server instances with the FTP role enabled run IIS FTP by default, and more than 150,000 of these services have never had encryption set up, Censys says.

In fact, of the 2.45 million FTP hosts that lack encryption, 994,000 services do not implement AUTH TLS on the scanned port, 813,000 ask for a password before establishing an encrypted channel, and more than 170,000 do not have explicit TLS support.

“The geography, ASN distribution, and server technology mix in this dataset all point toward the conclusion that most Internet-facing FTP configurations are a byproduct of commodity hosting and broadband defaults,” Censys notes.

Organizations are encouraged to either completely remove FTP from their environments or transition to more secure alternatives, such as SFTP (SSH File Transfer Protocol) and FTPS, which offer encrypted file transfer capabilities and have broad client compatibility.

“For most use cases, FTP can be replaced without significant disruption. If FTP must remain, enabling Explicit TLS is a configuration change, not a protocol upgrade, and both Pure-FTPd and vsftpd support it natively,” Censys notes.
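As an added illustration (not code from the article or from Censys), the following Python script performs the kind of AUTH TLS check the report counts, so an administrator can inventory their own FTP services: it reads the banner, sends AUTH TLS, and sorts the reply into the buckets the report describes. The sample replies are constructed, and mapping a 530 reply to the "asks for a password before establishing an encrypted channel" bucket is my assumption about how that category was measured.

```python
"""Inventory check for Explicit TLS on an FTP service (added example, not
Censys code). It sends only AUTH TLS and QUIT; no credentials are ever sent."""
import socket

# Constructed replies in RFC 959 / RFC 4217 format; not captured from any real host.
SAMPLE_REPLIES = {
    "auth_tls_ok": "234 AUTH TLS successful\r\n",
    "not_implemented": "500 Unknown command.\r\n",
    "login_first": "530 Please login with USER and PASS.\r\n",
    "multiline_ok": "234-Proceed with negotiation\r\n234 AUTH command OK\r\n",
}


def reply_code(reply: str) -> int:
    """Return the numeric code of the last line of a (possibly multi-line) reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    return int(lines[-1][:3]) if lines and lines[-1][:3].isdigit() else 0


def classify_auth_tls(reply: str) -> str:
    """Map the reply to AUTH TLS onto the buckets the Censys report describes."""
    code = reply_code(reply)
    if code == 234:               # RFC 4217: server will now start the TLS handshake
        return "explicit-tls"
    if code in (500, 502, 504):   # command unknown / not implemented / bad parameter
        return "no-auth-tls"
    if code == 530:               # assumption: wants USER/PASS first, i.e. cleartext login
        return "password-before-tls"
    return "other"


def recv_reply(sock: socket.socket) -> str:
    """Read until the final reply line: three digits, a space, and a trailing CRLF."""
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
        last = data.decode("latin-1").splitlines()[-1]
        if data.endswith(b"\r\n") and len(last) >= 4 and last[:3].isdigit() and last[3] == " ":
            break
    return data.decode("latin-1")


def probe_auth_tls(host: str, port: int = 21, timeout: float = 5.0) -> str:
    """Connect to one of your own FTP services and report its AUTH TLS bucket."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        recv_reply(s)                        # 220 banner
        s.sendall(b"AUTH TLS\r\n")
        result = classify_auth_tls(recv_reply(s))
        s.sendall(b"QUIT\r\n")
    return result


if __name__ == "__main__":
    for name, reply in SAMPLE_REPLIES.items():
        print(f"{name:16} -> {classify_auth_tls(reply)}")
```

A server that answers 234 still needs to be checked for whether it forces TLS before login (for example vsftpd's force_local_logins_ssl), since accepting AUTH TLS does not by itself prevent cleartext logins.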
Source: SecurityWeek