Anonymous FTP Uploads
This document explains how secure anonymous ftp uploads work.
Background
Anonymous FTP uploads allow users to upload information to you
using their ftp program. A password is not needed - the files
are placed in a special incoming directory for you to retrieve.
You do not need to tell the other user your account passwords (that
is not a good idea for obvious reasons). We can set up a secure
upload directory upon request.
Why Secure
There are many reasons for NOT opening your ftp site to outside
users.
- They can upload files, possibly overwriting other files of importance.
- They can use your ftp site as a temporary holding place for distribution of large and/or illegal files.
- They can use up your disk and traffic allocations - and quickly run up
a large bill you are responsible for.
- Hackers are constantly looking for ways to penetrate the system - they have programs that scan for such weaknesses and exploit them.
DO NOT OPEN UP YOUR FTP SITE FOR UPLOADS WITHOUT CONTACTING US FIRST!
When we create the secure upload directory, we set it up special so
that files uploaded cannot be downloaded. This protects you from hackers
looking for a place to distribute their files at your expense.
How does it work?
We create a special directory called "incoming" in your ftp site.
Users can upload there - but THEY CANNOT DOWNLOAD FROM THERE OR SEE WHATS
THERE. You will need to inform your users of that.
When files are uploaded it is YOUR RESPONSIBILITY to examine them and
decide what to do. Ask your users to email you after they've uploaded
so you can check the directory for new files. Remove any files
you've already examined so the directory is clean for subsequent
uploads. Check periodically and remove any files of unknown origin - they
may be uploads from hackers.
Only you can access the files in your incoming directory - when you log in
with your normal ftp you can goto the incoming directory to see its contents.
The only thing other users can do is upload files.
What the person uploading does
- Ftp to your server (ftp.yourdomain.com)
- login as anonymous
- the password is their email address.
- change directory to incoming (cd incoming, or click on the incoming folder)
- upload their file(s) - but note, their ftp program will not show the
contents of the incoming folder, they will just have to trust that their
upload went successfully.
- close the connection
- email you and tell you files are there for you to pick up.
How you get the files
You will get email from the user telling you there are files
waiting for you.
- Ftp to your server
- login as yourself in the usual way
- change directory to incoming (cd incoming, or click on the incoming folder)
- You can see the files there, copy them to your own hard disk or
otherwise move them to their proper place on your web site. Make sure
you delete them from the incoming dir after you copied them off.
Contact us
We do not set up these upload directories by default because of their
security weaknesses. We encourage you to use other means for your users
to deliver files to you. FTP is old technology, however if you have no
other means then we can set this up for you. Please contact us at
support@bigbiz.com if you need
us to create this.