Many FTP servers are affected by several classes of vulnerability, including authentication, reconnaissance, and third-party attacks. If FTP is not configured securely, a remote attacker could perform reconnaissance, or delete or modify files. This could lead to further unauthorized access to the file system or server.
Administrators should ensure that file permissions and ownership are properly configured. Root should own all files in the FTP directory tree, and the permissions should be set to 444. Executable files in the /bin directory should have permissions set to 111. If users need to upload files, the files should be set to "unreadable" until they are reviewed. Administrators are advised to maintain an empty, writeable directory so that users may upload files to it.
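
One way to check a tree against the guidance above is the following audit script, which is an added example and not part of the original advisory. The function name `audit_ftp_tree`, the upload directory name `incoming`, and the reading of "unreadable" as "no read bit for owner, group or other" are assumptions; only regular files are checked for modes 444 and 111, and files waiting in the upload directory are exempt from the ownership check because they belong to the uploading account.

```shell
#!/bin/sh
# Added example: audit an FTP tree against the permission guidance above.
# Usage: sh audit_ftp.sh FTP_ROOT [OWNER_UID] [UPLOAD_DIR]
# Assumed, not from the advisory: upload directory FTP_ROOT/incoming, and
# "unreadable" meaning no read bit for owner, group or other.

audit_ftp_tree() {
    root=${1%/}          # FTP directory tree to audit
    uid=${2:-0}          # expected owner; 0 is root
    up=${3:-incoming}    # upload directory name (assumed)

    findings=$(
        # Everything outside pending uploads must belong to the expected owner.
        find "$root" ! -path "$root/$up/*" ! -user "$uid" | sed 's/^/OWNER /'

        # Regular files outside bin/ and the upload directory must be 444.
        find "$root" -type f ! -path "$root/bin/*" ! -path "$root/$up/*" \
            ! -perm 444 | sed 's/^/NOT-444 /'

        # Executables under bin/ must be execute-only (111).
        if [ -d "$root/bin" ]; then
            find "$root/bin" -type f ! -perm 111 | sed 's/^/NOT-111 /'
        fi

        # The upload directory must exist and be writable; files waiting
        # in it for review must carry no read bit.
        if [ -d "$root/$up" ]; then
            find "$root/$up" -prune ! -perm -200 ! -perm -020 ! -perm -002 \
                | sed 's/^/UPLOAD-NOT-WRITABLE /'
            find "$root/$up" -type f \
                \( -perm -400 -o -perm -040 -o -perm -004 \) \
                | sed 's/^/UPLOAD-READABLE /'
        else
            echo "UPLOAD-MISSING $root/$up"
        fi
    )

    # Exit status 0 means the tree matches the guidance; 1 means findings.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "$#" -gt 0 ]; then
    audit_ftp_tree "$@"
fi
```

Each finding is printed as a tag followed by the offending path, so the output can be fed to a scheduled job that alerts when the tree drifts from the expected state.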