Ability to disable main FTP account when using 2FA
As a cPanel user and sysadmin, I would like the main FTP account (that comes enabled by default with every newly created cPanel account) to have the ability to be disabled on a per user basis.
This is because when you enable the 2FA feature on a cPanel account, only the cPanel UI (i.e., /cpanel) gets protected by 2FA. The FTP account (which uses the same credentials with the cPanel account) is not protected by 2FA.
E.g., an attacker (that knows the cPanel credentials) can by-pass 2FA by simply using FTP. Once logged-in to FTP, they have full access to all files inside /home/user/ directory.
Having the ability to disable the main FTP account solves this issue.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
This is a great fix for shared host accounts that don't support SFTP and SSH.
This is a great fix for shared host accounts that don't support SFTP and SSH.
This should be a no brainer. We have written a cron that runs many times a day to remove those cpanel user ftp accounts. We have to give our clients access to their cpanel for emails, stats, etc. BUT we don't want to give them FTP access to our code. Having this controllable in the cpanel set up would be much cleaner and more reliable than our approach.
This should be a no brainer. We have written a cron that runs many times a day to remove those cpanel user ftp accounts. We have to give our clients access to their cpanel for emails, stats, etc. BUT we don't want to give them FTP access to our code. Having this controllable in the cpanel set up would be much cleaner and more reliable than our approach.
Replies have been locked on this page!