Client ability to turn off FTP access
As a Ecommerce host that sees 90% of site compromises coming from stolen ftp credentials we would like to see a feature of RVSkins ported over to cPanel proper. The ability to turn off FTP access inside of cPanel for the client when they don't need it on. In RVSkins there is a icon to go to the FTP Acess page, which allow the client to turn off and on again FTP access for the main user (which also turns off virtual users also). Basically, if using pureftpd, when the client clciks to turn off FTP access on their account their account username is written to etc/ftpusers in the following format.
Any usenames found in that file disallow ftp connection for the main user and the virtual users on the account.
We understand that its the client responsibilty to keep their computers clean so that ftp credentials don't get stolen, but it still happens way too much for our liking. Leaving the door closed and lock, and guarded means the 'hackers', even with a good set of keys (credentials) needs to attempt to get in at the same time the user has FTP access turned on. We tested for a while actually using a cron job to write all users on the server to that file every night at 1am, basically turning ftp off for all of them....for those that turned it on during the day and forgot....
Replies have been locked on this page!