I need to say that I'm not an expert in web hosting and the whole networking subject, and I recently had an argument with my web hosting provider regarding an FTP issue.

My web hosting account is a reseller web hosting account and recently I tried to connect to one of the host's FTP accounts.

FileZilla and FireFTP (Firefox add-on) clients were used to connect and they kept prompting certificate issues when connecting, and no directory listing was displayed in any client.

I asked the hosting provider about this and they suggested that I use 'plain FTP' instead of 'FTP over TLS'. I host several websites on my server and they ask me about the certificate error prompt.

This happens only for the said hosting account; others connect fine using every method.

I kept asking them about this matter and they say there is no big difference between insecure FTP and secure FTP.

This is the response I got from my web hosting provider.

"Actually do you know the difference between secure FTP connections and insecure connections? Have we ever asked you NOT to use insecure connections? We have NOT, do you know why is that? There is no big difference between secure FTP and insecure FTP. An encryption is used to change the clear text data to cypher text, it's to prevent spoofing.

Our clients do not transfer highly sensitive data over the FTP and spoofing data is totally pointless. Therefore you must understand the purpose of what you are asking for. Do you want to upload the files over FTP or do something else? If you want to upload files, then you can use FTP (securing is NOT A MUST, it's an additional feature). Server side is protected by Linux based firewalls and there is no need of securing the incoming FTP connections.

First of all I suggest you to understand the purpose of what you are asking, you keep asking about something which is totally out of the topic and not mandatory."

Can anyone help me understand whether I'm being a fool to argue with them, and what I should do now?

  • Securing is A MUST, not an additional feature. Consider switching to another web hosting company – sfk May 20 '15 at 09:13
  • Well, the first thing I would do is change provider, and secondly, I would tell them it's my business what I wish to transfer with FTP; that doesn't change the fact that if I wish to transfer a file securely using FTP I shouldn't have this option. Most people tend to use FTP for files that don't really care if they are eavesdropped, hence they don't really care if they use "the secure way of FTP". Others, no matter what they transfer, always use the secure way. Personally, I always use secure connections for everything (ssh, sftp, etc.) – giomanda May 20 '15 at 09:20
  • Hi isu3ru. Questions on Server Fault should be about system administration in a professional context. Your question reads more like something an end user might ask their sysadmin, not something a sysadmin would ask. Could you perhaps edit your question to clarify how it applies to professional server or infrastructure administration? Also, please note that "what should I do now?" has a tendency to invite opinion-based answers, which is something we try very hard to avoid. Better to ask something that is objectively answerable. – user May 20 '15 at 09:23
  • Thank you all for your answers. I'm sorry and will be more specific in future questions. Thank you again. – Isuru Ranawaka May 20 '15 at 09:41
  • Saying that "Server side is protected by linux firewalls", and thus not needing to secure incoming FTP connections, points to incompetence. – artifex May 20 '15 at 12:24

2 Answers

When transferring files, data integrity is a high priority. We want the data to be the same on both the receiving and the sending parts.

While encryption does not ensure integrity, it does signal by becoming corrupt if it was changed mid-stream.

It does also help with privacy. Everything that can be learned about someone helps. If the data can be seen, it can be analyzed and an attack can be tailored against the target FTP system. For example, the file that is sent can be swapped.

I also do not think that you should have to explain yourself why you need encryption.

It's up to you to value your data, not them.

artifex
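
As an added example, not part of the original thread, the following Python code audits a client-side FTP session log and reports which commands cross the network unprotected under plain FTP compared with explicit FTP over TLS (`AUTH TLS` and `PROT P`, RFC 4217). The `C:`/`S:` log format, the `audit` function and both sample sessions are constructed for illustration.

```python
# Added example (not from the original thread): audit a client-side FTP
# control-channel log. "C: "/"S: " prefixes and sample sessions are constructed.
SENSITIVE = {"USER", "PASS", "ACCT"}
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def audit(transcript):
    """Return (line_no, command, reason) for each command sent unprotected."""
    control_tls = False    # True once the server accepts AUTH TLS (reply 234)
    data_private = False   # True once the server accepts PROT P (reply 200)
    last = ("", "")        # most recent client command and its argument
    findings = []
    for no, line in enumerate(transcript, 1):
        side, _, text = line.strip().partition(": ")
        words = text.split()
        if side == "C" and words:
            cmd = words[0].upper()
            arg = words[1].upper() if len(words) > 1 else ""
            last = (cmd, arg)
            if cmd in SENSITIVE and not control_tls:
                findings.append((no, cmd, "sent in cleartext"))
            elif cmd in DATA_CMDS and not (control_tls and data_private):
                findings.append((no, cmd, "data channel unencrypted"))
        elif side == "S" and words:
            code = text[:3]
            if last[0] == "AUTH" and last[1] in ("TLS", "SSL") and code == "234":
                control_tls = True
            elif last[0] == "PROT" and code == "200":
                data_private = last[1] == "P"
    return findings

PLAIN_SESSION = [   # plain FTP, as the provider suggested
    "S: 220 FTP server ready", "C: USER alice", "S: 331 Password required",
    "C: PASS <redacted>", "S: 230 Logged in", "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80)", "C: LIST",
    "S: 150 Opening data connection", "S: 226 Transfer complete",
]
TLS_SESSION = [     # explicit FTP over TLS (RFC 4217) with PROT P
    "S: 220 FTP server ready", "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER alice", "S: 331 Password required", "C: PASS <redacted>",
    "S: 230 Logged in", "C: PBSZ 0", "S: 200 PBSZ=0", "C: PROT P",
    "S: 200 Protection set to Private", "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80)", "C: LIST",
    "S: 150 Opening data connection", "S: 226 Transfer complete",
]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN_SESSION), ("tls", TLS_SESSION)):
        print(name, audit(session))
```

The plain session yields findings for `USER`, `PASS` and `LIST`; the TLS session yields none, and a session that logs in over TLS but sends `PROT C` still has its directory listing flagged.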

Both FTP and FTPS are clumsy, outdated protocols. Find yourself an SFTP provider (there are a few of them out there).

Konrad Gajewski