Webhosting that let restrict FTP access

[Sandira]

I know, there are a lot of users who represents webhosting companies. I am lookign for a webhosting who let restrict acces to FTP using IP. I want to set up .ftpaccess and allow acces to my FTP just from my IP only.
Are there such webhosters(UK based)?

p.s I know, that VDS is the best for security, but trying to find shared hosting.

 

[Jolt.co.uk]

Isn't it easier just to restrict by username (e.g. different FTP users with different access rights)?

What are you trying to solve for here?

 

[Sandira]

What are you trying to solve for here?

Security. I want restrict acces to my FTP for everyone, except me.

FTP is the weakest point, NOT encrypted password is transfered over Internet. Different username and password doesn't protect.

 

[Jolt.co.uk]

Firstly, you should always use sFTP so your uploads are secured and no transmission of plain text passwords.

Secondly, any reasonable web host's firewall will detect and block any brute force attempts across FTP/sFTP protcols so with a strong password, its highly unlikely you'll be compromised in this way.

I admire you being stringent on security but there are better ways to tackle this.

 

[Sandira]

Firstly, you should always use sFTP so your uploads are secured and no transmission of plain text passwords.

How could I know that webhoster uses sFTP? in my cPanel I see only "FTP".
I have tried to ask them what exactly FTP server they use but didn't get reply... very strange

Secondly, any reasonable web host's firewall will detect and block any brute force attempts across FTP/sFTP protcols so with a strong password, its highly unlikely you'll be compromised in this way.

It doesn't matter how strong you password if you have virus on PC =)

I admire you being stringent on security but there are better ways to tackle this.

Thanks, I know that better way to use VDS and use iptables firewall, but couldn't buy and admin server now

Honestly, I was really surprised that webhoster doesn't allow to set up .ftpaccess

 

[webhostuk]

Why worry about admin work ...you can go for managed VPS hosting. Still If you require IP restrictions use Folder protection as an addition, for IP restriction it will apply to your whole website ,which can be done via .htaccess on shared hosting.

 

[Xtm_Mike]

How could I know that webhoster uses sFTP? in my cPanel I see only "FTP".
I have tried to ask them what exactly FTP server they use but didn't get reply... very strange


It doesn't matter how strong you password if you have virus on PC =)

Thanks, I know that better way to use VDS and use iptables firewall, but couldn't buy and admin server now

Honestly, I was really surprised that webhoster doesn't allow to set up .ftpaccess

If the PC is hacked i'm sure they'll be able to find a way. You can only take so many precautions. As long as you are using a decent secure web host with SFTP, firewalls etc and your own PC has strong protection then you're doing good.

That being said, if you're really concerned you may be able to generate an SSH key and connect to SFTP using that key, therefore it should never ask you for a password.

I'll be happy to help you look into SSH it further if your host uses cPanel and supports SFTP.

 

[Sandira]

Why worry about admin work ...you can go for managed VPS hosting. Still If you require IP restrictions use Folder protection as an addition, for IP restriction it will apply to your whole website ,which can be done via .htaccess on shared hosting.

Yes, you are right, I have used htaccess and IP restriction to protect some directories and pages over HTTP. But I am concern access over FTP.

 

[Sandira]

That being said, if you're really concerned you may be able to generate an SSH key and connect to SFTP using that key, therefore it should never ask you for a password.

I'll be happy to help you look into SSH it further if your host uses cPanel and supports SFTP.

Yep, thanks a lot! I saw SSH and key in my cPanel, and probably would use it. But I using Dreamweaver and it need FTP.
Problem is, that host has default FTP account, that open all folders and files at my hosting directory. This default FTP account couldn't be removed. I don't use this FTP account.

Every time when I need FTP access to make change over Dreamweaver on my web site I create new ftp-account and delete it after complete my work.

My main concern is existence of default FTP account to all my webhosting) That's why I wanted to put file .ftpaccess into main folder and restrict ftp-access for everyone except my IP. I am afraid that someone could bruteforce name of login and password for this default FTP account.

Sorry for too long explanation, may be I am to paranoid

 

[Xtm_Mike]

Yes you're being a little paranoid.

If you are concerned about security don't use FTP, if this means switching hosts and using something else other than Dreamweaver then that is what you will need to do. (Although, i don't see why Dreamweaver is FTP only).

Make sure your password is long and secure then nobody will be able to brute force in, a host should block any brute force attempts, it's pretty standard.

Take regular backups and make sure your local PC is secure and has up to date malware/virus scanners

then I am sure you will be fine

 

[Sandira]

XTM, thanks, may be your are right!

Do you now any alternative for Dreamweaver?

 

[Xtm_Mike]

XTM, thanks, may be your are right!

Do you now any alternative for Dreamweaver?

Assuming you are on Windows I wouldn't be able to answer this properly as I use Mac specific software and therefore out of the loop when it comes to Windows. Hopefully someone else can help you with that.

 

[Sandira]

XTM, yes I am on Windows... hope to move .nix soon...

 

[Dan_HiHosting]

Here's what I would do:

Use FileZilla or another dedicated email client, not Dreamweaver.
Use Dreamweaver for your development/changes only.

Use sFTP, so your details are encrypted.

Set up FTP accounts in your cPanel, so you're not connecting using your default FTP account/cPanel username and password - but instead e.g. [email protected]

Switch to a better host. They should have advised you regarding the above, assuming you asked, and should have told you what FTP service they use.

Lastly, any decent host will run brute force protection, and anyone trying your password will fail and get blocked by their network.

So really, as long as you're using sFTP, you keep your PC in good order and secure (as you should anyway), and you've set up an FTP account with a strong password (as you should), then there's really nothing to worry about.

Good practice and precautions on your side, combined with secure, well managing hosting on your provider's side, will mean any risks regarding your worries I'd say are sufficiently managed.

Hope that helps,

Dan

 

[Sandira]

Thanks, Dan, I have almost did what you are writing about. And webhsoting probably has good protection as they blocked me in cPanel when I put wrong password 2 times)