FTP anonymous writable directories

Description
  • The remote FTP server permits anonymous users to create arbitrary files and/or folders. There is a risk to operating an anonymous FTP service that permits users to store files. We strongly recommend that sites do not automatically create a "drop off" directory unless thought has been given to the possible risks of having such a service. <br/> World-writable directories in anonymous FTP services are often used to store and distribute warez (stolen copyrighted software) or other illicit data.
Remediation
  • If you are not using this service, it is recommended to disable it. Otherwise deny FTP anonymous write access.<br/> Consult references for detailed information about fixing this vulnerability.
References