FTP anonymous writable directories

  • The remote FTP server permits anonymous users to create arbitrary files and/or folders. There is a risk to operating an anonymous FTP service that permits users to store files. We strongly recommend that sites do not automatically create a "drop off" directory unless thought has been given to the possible risks of having such a service.
    World-writable directories in anonymous FTP services are often used to store and distribute warez (stolen copyrighted software) or other illicit data.
  • If you are not using this service, it is recommended to disable it. Otherwise deny FTP anonymous write access.
    Consult references for detailed information about fixing this vulnerability.