Anonymous FTP Hosting: Compare Hosting
Oops! No Hosting Plans Match Your Search
You've selected a combination of features that none of the web hosts we profile offer. We suggest you remove your last filter or reset & start again.
Ask Our Experts
Need help with your hosting? Tell us exactly what you are looking for and we’ll do our very best to help. Please allow one working day for a response.
Please fill in all fields.
Thanks! Your request has been sent. We'll reply within 24 hours.
Recommended Host for Anonymous FTP
What Is Anonymous FTP Hosting?
Before we proceed to explain the finer points of anonymous FTP access, we need to get something out of the way – most hosts do not recommend the use of anonymous FTP and some actively advise against it. There are a number of good reasons for their reluctance, but let's take a look at the technology and use cases behind anonymous FTP first.
File transfer protocol (FTP) is a vital network protocol and it's been around for decades. FTP allows users to upload or download files to and from their websites. While popular content management systems like WordPress, Drupal or Joomla come with their own upload interfaces, many webmasters still use FTP on a regular basis. FTP access simply offers a lot of features for power users looking to do more than add a bit of fresh content to their website every once in a while.
FTP access can also be used to make files available to your site's users. This used to be quite common on professional sites some time ago, but at the same time it was impractical. In order to download files via regular FTP access every single user would have to have an FTP account and sign-in to your site. That is simply not an option for high-volume sites and in this day and age it creates a number of potential security issues.
This is where anonymous FTP comes in, for better or for worse.
The dubious case for Anonymous FTP
The most obvious way of getting around these limitations is to simply offer anonymous FTP access, thus allowing anyone to access and download files from your site.
All the user usually needs to do use anonymous FTP is enter 'anonymous' as the user name and usually use their email address as a password. Sometimes the latter is not necessary and for good reason too – since a temporary address can be used anyway, so checking the validity of a submitted email address does not make much sense.
It sounds like a simple way of addressing the issue, but there is a problem. FTP access works both ways, hence it allows users to upload as well as download files, so literally anyone can upload files infected with malicious code or illegal content to your site.
This is why hosts do not like anonymous FTP – it poses a serious security risk.
Setting up Anonymous FTP
So, anonymous FTP is clearly not for everyone, but in case you absolutely need it, there are some precautions you can and should take. Otherwise you would potentially be giving access to your system to everyone on the internet.
It is necessary create a special account and make anonymous FTP files available in the FTP home directory, which should have a special place. You must set up the account's home directory as a mini filesystem, usually with three directories: /bin, /etc and /pub. Anonymous FTP access should be limited to this mini filesystem, preventing access outside the designated root area with symbolic or absolute links.
It is also possible to give users permission to access FTP files without giving them permission to log in. This can be done by setting up an account with a special shell, i.e. / bin/ftponly. This will allow the use of FTP to transfer files, but the account could not be used to log in to the site.
Hostile hosts and limited hosting options
As we pointed out earlier, hosts have a number of reasons for limiting anonymous FTP access. It can pose a significant security risk and, in case it happens to be abused for the distribution of illegal content, there is also reputational risk to consider.
This is why most hosts advise against anonymous FTP and discourage its use even when they allow its use in some hosting packages. Like all businesses, hosting services simply want to keep risks to a minimum.
As a result, very few hosts offer anonymous FTP on entry-level shared web hosting plans, but may offer it on dedicated plans.
It is all about limiting exposure to unnecessary risks – using anonymous FTP on dedicated servers eliminates most of the risks and passes them on to the customer rather than the host. Using anonymous FTP access on a shared server could potentially compromise the rest of the shared server, putting other websites at risk.
Different hosts have different standards, so some may require that you purchase a dedicated IP address for anonymous FTP access, or they could require more paperwork and caveats in their contracts. Therefore it is vital to read the fine print or contact the host directly for clarification and guidelines.
Anonymous FTP Hosting Frequently Asked Questions
If it’s so dangerous, why would anyone use anonymous FTP?
As mentioned in the article, the use of anonymous FTP is on the decline, as more modern CMS applications have made sharing massive amounts of information easier than ever. However, there are still cases where having the ability to share entire folders worth of documents and other files may be necessary. In particularly, if you want users to be able to quickly select and download multiple files from you site, FTP is the easiest way to handle it. Users can simply highlight the files they need, just like they would in File Explorer, and drag them to their system. If that ease of sharing is necessary for your team or business, and creating logins for each user is not feasible, anonymous FTP may still be the best approach. Though you should definitely do further research before committing to it.
Are there size limits for downloads over anonymous FTP?
No. This is one of the big advantages to FTP. While your browser may place limits on the file size, FTP clients typically do not.
Can anonymous FTP be set up for download only?
Yes. The exact procedure will vary depending on the type of host server you’re running, but you should be able to disable write and upload capabilities to your anonymous FTP site. This would allow anyone to access and download the content you share, while minimizing the risk of someone uploading dangerous files to your server. Of course, even with read-only access, there is always risk involved with giving the world access to your server. Be sure to fully research all of your security measures prior to adopting any type of anonymous FTP.
Does an anonymous FTP allow you to download multiple items simultaneously, or does it download one at a time?
While you can select as many files as you want to download, most FTP clients set a limit to how many files they will download simultaneously. The remaining files will be queued until another download stream opens up.
Can I restrict anonymous FTP to a select group, such as employees at a single IP address?
Yes. This can be one effective way to limit the risk involved with using anonymous FTP. By limiting access to a single IP address, you would essentially be creating an internal network access to that FTP site. This would restrict anyone outside of that location from accessing the site. Of course, this still requires you to give access to everyone at that IP address, so you should give it some serious thought before committing to it. Any host should be able to set up some type of IP address restriction; however, whether it can be done at a directory level versus an entire site level may vary.
Can I use a download manager with an anonymous FTP site?
Yes, but you probably don’t need to. Most FTP clients have a built-in download manager, because FTP protocols already allow you to resume a transfer if the connection is lost. In addition, many FTP clients allow you to schedule transfers.
How is anonymous FTP different from peer to peer file sharing?
The key difference is where the files are stored. With anonymous FTP, the files you wish to share are stored in a folder or multiple folders on your server. If you experience a security situation, it could bring down your entire site. And if you’re on a shared hosting plan it could impact everyone sharing that server space. With peer to peer file sharing, you are typically sharing a folder on your personal computer. While this still poses a number of potential security risks, they are limited to your own machine. Your website and server won’t be impacted.
Can I use command line to access an anonymous FTP site?
Yes. All of the commands available for access a typical FTP site will also work with an anonymous FTP site.
Are there more secure alternatives available that offer similar features?
This is one of the primary reasons so many sites are moving away from anonymous FTP. There are plenty of other solutions available to share files more securely, so why put your server at risk? For sharing within your organization, tools like Dropbox or a local intranet may provide a better option. For sharing large amounts of files publicly, your CMS probably offers a better system, if not by default than through a plugin. Programs like Simple Files allow users to download multiple files at once, just like they would using anonymous FTP. Of course, before choosing any of these alternatives you should do plenty of research and make sure you take all the necessary security precautions.
Can I access an anonymous FTP site from a web browser?
Yes, but doing so will limit the features available, in particular, the ability to download multiple files or an entire directory. However, most browsers are capable of exploring FTP sites and downloading individual files.
Who still uses anonymous FTP?
Anonymous FTP is still highly used by a number of organizations. The open source community still relies heavily on anonymous FTP, because their software is free to download and, in the case of source code, often involves multiple files. In order to share that software with the largest-possible community, anonymous FTP is an ideal solution.
How should I go about setting up a secure anonymous FTP site?
The first thing you’ll want to do is talk to your hosting provider. If they allow anonymous FTP hosting, they may have security measures already available. After that, do your homework. There are plenty of sites that can help you set up an anonymous FTP server. Pay particular attention to the security features. If you know someone who is already running an anonymous FTP server, talk to them. If you don’t know them personally, don’t worry. The open source community is usually more than happy to help each other out.