Skip to content

FTP Credentials

Service Name: File Transfer Protocol

Service Description: File Transfer Protocol (FTP) is a standard network protocol used for transferring files between a client and server on a computer network. It's commonly used for uploading website files to a hosting server, downloading files from servers, or exchanging files between systems.

Service Address: Varies by FTP server implementation (common ports: 21 for control, 20 for data transfer)

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the FTP server level through configuration files or access control lists.

Secret Access Scope: Grants access to upload, download, modify, and delete files on an FTP server based on the user's permissions.

Secret Revokement URL: Does not exist (typically managed through server administration tools)

Secret Example: username:p@ssw0rd123

Suspicious Activity Investigation Instructions:

  • Review FTP server logs for unusual login attempts, file transfers, or access patterns
  • Check for unexpected file modifications, deletions, or uploads
  • Monitor for connections from unusual IP addresses or during abnormal hours
  • Examine bandwidth usage for signs of large data transfers
  • Verify if there are multiple concurrent sessions using the same credentials

Mitigation Instructions:

  • Change the FTP user password immediately through the server administration

interface

  • Consider implementing IP restrictions to limit access to trusted networks
  • Enable secure FTP (SFTP/FTPS) if not already in use to encrypt data transfers
  • Implement stronger password policies and consider certificate-based

authentication

  • Review and adjust file/directory permissions to follow the principle of least

privilege

  • Set up alerts for failed login attempts and unusual activity patterns
  • Consider implementing multi-factor authentication if supported by your FTP

server