
Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns
Despite years of warnings, a significant security blind spot persists across the internet. A stark new report from Censys reveals that nearly 6 million internet-facing File Transfer Protocol (FTP) servers remain exposed as of April 2026. While this represents a 40% reduction from the 10.1 million identified in 2024, the continued prevalence of this decades-old protocol, often configured insecurely, poses a substantial and unnecessary risk to organizations worldwide.
The Enduring Threat of Exposed FTP Servers
FTP, a protocol designed for file transfer between a client and a server on a computer network, predates modern security standards. By default it transmits data, including credentials, in plain text, making it highly susceptible to eavesdropping and credential theft. The sheer number of exposed servers, as highlighted by security researcher Himaja Motheram from Censys, underscores a troubling inertia in cybersecurity practices.
The decline in numbers, while positive, doesn’t diminish the severity of the remaining exposure. Each of these 6 million servers represents a potential entry point for attackers, a vulnerability that could be exploited for data breaches, malware distribution, or further network infiltration. Organizations utilizing these exposed instances are essentially leaving their digital doors ajar.
Why FTP Remains a Target for Cybercriminals
The appeal of FTP to malicious actors stems from several factors:
- Lack of Encryption: By default, FTP does not encrypt control or data connections, meaning usernames, passwords, and transferred files are sent in clear text. This makes them trivial to intercept with network sniffers.
- Outdated Software: Many exposed FTP servers run older versions of FTP software that contain known vulnerabilities. These unpatched systems become easy targets for exploitation.
- Weak Configurations: Default or poorly configured FTP installations often include anonymous access, weak password policies, or broad directory permissions, allowing unauthorized access to sensitive files.
- Supply Chain Risk: Compromised FTP servers can be used to inject malicious code into legitimate software updates or to exfiltrate intellectual property, impacting not just the directly affected organization but also its customers and partners.
Common Vulnerabilities Associated with FTP
While FTP itself is inherently insecure by modern standards, specific implementations and configurations can introduce critical vulnerabilities. Attackers frequently target these weaknesses:
- Credential Stuffing and Brute Force Attacks: Because authentication is sent in plain text and rarely rate-limited, attackers can easily test stolen credentials or run brute-force attacks against FTP logins.
- Directory Traversal (Path Traversal): Poorly configured FTP servers might allow attackers to access directories outside of their intended scope. This can lead to the discovery of sensitive files or system configuration data.
- Bounce Attacks (Port Scan Amplification): Older FTP servers can be manipulated to connect to arbitrary ports on other systems, effectively acting as proxies for port scanning or denial-of-service attacks.
- Buffer Overflows: Vulnerabilities in specific FTP server software can lead to buffer overflows, allowing attackers to execute arbitrary code with the privileges of the FTP service. For example, some older versions of vsftpd or ProFTPD have had such flaws.
Remediation Actions: Securing Your File Transfers
Addressing the risk posed by exposed FTP servers requires a multi-pronged approach. Organizations must prioritize moving away from traditional FTP where possible and implementing robust security measures for any unavoidable instances.
- Migrate to Secure Protocols: The most effective solution is to transition from FTP to secure alternatives immediately. These include:
  - SFTP (SSH File Transfer Protocol): Utilizes SSH (Secure Shell) to provide a secure channel for file transfers, encrypting both data and credentials.
  - FTPS (FTP Secure): Adds SSL/TLS encryption to FTP. While better than plain FTP, it can be more complex to configure correctly and may still share some architectural weaknesses with FTP.
  - HTTPS (HTTP Secure) with WebDAV or Secure File Transfer Solutions: For web-based file sharing, HTTPS with Web Distributed Authoring and Versioning (WebDAV) or dedicated secure file transfer gateways offer robust encryption and authentication.
- Network Segmentation and Firewall Rules: If FTP must be used internally, isolate FTP servers within a segmented network zone. Restrict access strictly with firewall rules, allowing connections only from trusted IP addresses or networks. Ensure outbound connections are also tightly controlled.
- Disable Anonymous Access: Anonymous FTP access should be disabled unless there is a strictly defined and monitored business requirement.
- Implement Strong Authentication: For all FTP accounts, enforce strong, unique passwords. Consider integrating with multi-factor authentication (MFA) solutions where available.
- Regular Patching and Updates: Keep FTP server software (e.g., vsftpd, ProFTPD, FileZilla Server) fully patched to protect against known vulnerabilities. Regularly check for security advisories from vendors.
- Least Privilege Principle: Configure FTP users with the minimum necessary permissions to perform their tasks. Restrict directory access to only what is absolutely required.
- Logging and Monitoring: Enable comprehensive logging on FTP servers and integrate these logs with a Security Information and Event Management (SIEM) system. Monitor for suspicious activities, failed login attempts, and unusual file transfers.
- Regular Security Audits and Penetration Testing: Periodically audit your FTP server configurations and conduct penetration tests to identify and remediate weaknesses before attackers exploit them.
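To make the remediation checklist above concrete, here is an added example (not from the Censys report or the vsftpd project) that audits a vsftpd.conf for the settings the list calls out: anonymous access, TLS enforcement, chroot confinement and transfer logging. It assumes vsftpd 3.x directive names and the defaults documented in vsftpd.conf(5); both sample configurations are constructed for the demonstration.

```python
"""Audit a vsftpd.conf against the hardening steps listed above."""

# Directive -> (required value, reason). Directive names are real vsftpd.conf keys.
REQUIRED = {
    "anonymous_enable": ("NO", "disable anonymous access"),
    "anon_upload_enable": ("NO", "anonymous users must never write"),
    "ssl_enable": ("YES", "require TLS (FTPS) instead of plain FTP"),
    "force_local_logins_ssl": ("YES", "credentials must only travel over TLS"),
    "force_local_data_ssl": ("YES", "file data must only travel over TLS"),
    "chroot_local_user": ("YES", "least privilege: confine users to their home"),
    "xferlog_enable": ("YES", "transfer logging feeds the SIEM"),
}
# Value vsftpd uses when a directive is absent (assumption: vsftpd.conf(5) defaults).
DEFAULTS = {
    "anonymous_enable": "YES", "anon_upload_enable": "NO", "ssl_enable": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "chroot_local_user": "NO", "xferlog_enable": "NO",
}

def parse_vsftpd_conf(text: str) -> dict[str, str]:
    """Collect key=value pairs; vsftpd ignores blank lines and '#' comment lines."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit(text: str) -> list[str]:
    """Return one finding per directive whose effective value is weaker than required."""
    settings = parse_vsftpd_conf(text)
    findings = []
    for key, (wanted, why) in REQUIRED.items():
        actual = settings.get(key, DEFAULTS[key]).upper()
        if actual != wanted:
            origin = "explicit" if key in settings else "default"
            findings.append(f"{key}={actual} ({origin}); expected {wanted}: {why}")
    return findings

# Constructed sample: a typical unhardened install. Four weaknesses, two of them
# inherited silently from defaults (no chroot, no transfer log).
WEAK_CONF = "listen=YES\nanonymous_enable=YES\nlocal_enable=YES\nwrite_enable=YES\nssl_enable=NO\n"

# Constructed sample: the same server after remediation (certificate path is a placeholder).
HARDENED_CONF = """listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/certs/PLACEHOLDER-ftp-cert.pem
chroot_local_user=YES
xferlog_enable=YES
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {len(audit(conf))} finding(s)")
        for finding in audit(conf):
            print("  -", finding)
```

Note that the audit covers only the server's own configuration; whether port 21 is still reachable from the internet is a separate check against the segmentation and firewall rules described above.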
Tools for Detecting and Securing FTP Exposure
Identifying and mitigating FTP exposure requires appropriate tools. Here’s a brief overview:
| Tool Name | Purpose | Link |
|---|---|---|
| Nmap (Network Mapper) | Port scanning and service detection, including FTP. Helps identify open FTP ports. | https://nmap.org/ |
| Shodan | Internet-wide search engine for connected devices, can identify exposed FTP servers globally. | https://www.shodan.io/ |
| Censys | Internet-wide visibility platform for discovering and analyzing internet-connected devices and services. | https://censys.io/ |
| OpenVAS/Greenbone Vulnerability Manager | Vulnerability scanning for identifying insecure FTP configurations and software vulnerabilities. | https://www.greenbone.net/ |
| Metasploit Framework | Penetration testing tool, includes modules for exploiting FTP vulnerabilities and password guessing. | https://www.metasploit.com/ |
The Cybersecurity Imperative
The Censys report serves as a critical reminder that legacy technologies, when left unaddressed, continue to be significant vectors for cyberattacks. The nearly 6 million exposed FTP servers represent a widespread, yet entirely avoidable, security debt. Organizations must move decisively to adopt secure alternatives and implement stringent security controls for any remaining FTP instances. Proactive mitigation isn’t just best practice; it’s a fundamental requirement for maintaining a secure digital footprint in 2026 and beyond.


