Keywords: WordPress + NGINX + SSL - AWS - Technical issue - Connectivity (SSH/FTP)
bnsupport ID: 6bdb585f-e3e1-ea61-9d84-030674cbd560
Hello - I may have a misunderstanding of how exactly things work here, but I'm concerned that my instance might be vulnerable so I wanted to post this and see what others had to say.
I recently deployed an instance using the Bitnami + Wordpress + NGINX + SSL - everything was pretty simple and straightforward and I launched what I needed to without any issues.
Today I noticed that when I use Filezilla to ftp into the machine and upload some media that's not being tracked by git, and discovered that i'm able to connect with any password. I didn't noticed before because it connects with any password...so I just thought I used the correct user/pw combo the first time and didn't think much of it.
Is this somehow because I have authenticated with this machine during SSH or somehow because I have the key on this machine, or is FTP pretty much open and only being secured by the instance firewall? I have allowed http and https traffic, along with ssh for my ip at my home and office.
Thank you for any help with this.