With Version 86 moving into the EDGE Tier,
cPanel is disabling ftpd (the FTP service) by default. FTP, in its
design, was not built to be secure. Because FTP relies on clear-text
usernames and passwords, as well as unenforced encryption, data sent via
FTP is vulnerable to various methods of attack.
Impact
New installations of cPanel & WHM will have ftpd
disabled by default, starting with Version 86. End users who are
using Version 86 will not have the ability to transfer data on their
servers using FTP.
Benefits
Data transmitted using FTP is vulnerable to brute force
attacks, spoofing, and sniffing. Removing the protocol from the product
provides a more secure default cPanel & WHM setup and allows further
server customization.
What you can do
There are several safer alternatives to transferring data to and from your servers, including SFTP and the Web Disk feature.
If you need to continue using FTP on your server, you can reenable it either via WHM’s “FTP Server Selection” tool or by running the following script:
./scripts/setupftpserver
and choosing the FTP server (pure-ftpd or proftpd) of your choice. FTP can also be disabled again using either of those two methods.
We recommend that system administrators consider
disabling the FTP service in their existing installations if their
customers do not require it.
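The clear-text login and unenforced encryption described above can be seen in the FTP control channel itself. The following is an added example, not part of this announcement or of cPanel's code: it classifies sessions from readable control-channel lines, treating a 234 reply to AUTH as a successful TLS upgrade. The sample lines, session ids and verdict names are constructed for illustration.

```python
# Constructed control-channel lines: (session id, direction, text).
# "C" = client command, "S" = server reply. Not taken from a real server.
SAMPLE = [
    ("s1", "C", "USER alice"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS example-password"),
    ("s1", "S", "230 Logged in"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 AUTH TLS OK"),
    ("s3", "C", "AUTH TLS"),
    ("s3", "S", "500 AUTH not understood"),
    ("s3", "C", "USER bob"),
    ("s3", "S", "331 Password required"),
    ("s3", "C", "PASS example-password"),
    ("s3", "S", "230 Logged in"),
]

def classify_sessions(lines):
    """Return {session: verdict} for readable FTP control-channel lines."""
    state = {}
    for sid, direction, text in lines:
        s = state.setdefault(sid, {"auth_pending": False, "tls": False,
                                   "refused": False, "clear_pass": False})
        if s["tls"]:
            continue  # after a 234 reply the rest of the channel is encrypted
        if direction == "C":
            verb = text.split(" ", 1)[0].upper()
            if verb == "AUTH":
                s["auth_pending"] = True
            elif verb == "PASS":
                s["clear_pass"] = True  # password readable on the wire
        elif s["auth_pending"] and text[:3].isdigit():
            s["tls"] = text[:3] == "234"   # server accepted the TLS upgrade
            s["refused"] = not s["tls"]    # any other reply: no TLS
            s["auth_pending"] = False
    verdicts = {}
    for sid, s in state.items():
        if s["tls"]:
            verdicts[sid] = "tls-upgraded"
        elif s["clear_pass"]:
            verdicts[sid] = ("cleartext-after-refused-tls" if s["refused"]
                             else "cleartext-login")
        else:
            verdicts[sid] = "no-login-seen"
    return verdicts
```

Session s3 is the unenforced-encryption case: the client asked for TLS, the server declined, and the login went ahead in clear text anyway.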
Anything else I should know?
This will not impact customers running cPanel & WHM Version 84
and older. As 86 is the new LTS (Long Term Support) version, to receive
ongoing support an upgrade will eventually be required.