In April 2026, Censys security researcher Himaja Motheram disclosed that nearly 6 million internet-facing hosts are still utilizing the File Transfer Protocol (FTP). While this figure represents a 40% decrease from the 10.1 million servers recorded in 2024, the enduring use of this antiquated protocol remains a security concern due to prevalent insecure default settings.
The Ongoing Challenge of FTP Exposure
The Censys report underscores that the primary issue with FTP exposure in 2026 is not dedicated file transfer systems, but rather default configurations on shared hosting platforms and broadband networks. These defaults continue to leave systems vulnerable, making them an attractive target for potential attackers.
Encryption and Regional Variations
Regarding server security, the data presents a varied picture. Approximately 58.9% of FTP hosts observed by Censys completed a Transport Layer Security (TLS) handshake, indicating support for encrypted connections. However, about 2.45 million hosts lack encryption, raising the risk of cleartext data transmission.
There is a significant regional disparity in encryption adoption. Mainland China and South Korea exhibit the lowest TLS adoption rates among the top 10 nations, at 17.9% and 14.5%, respectively. Conversely, Japan accounts for 71% of global FTP servers that still use outdated encryption protocols such as TLS 1.0 and 1.1.
Technical Insights and Recommendations
The Censys report provides key technical findings, indicating that Pure-FTPd is the most prevalent FTP daemon, operating on roughly 1.99 million services. This popularity is largely due to its default inclusion in cPanel hosting environments. Additionally, over 150,000 Microsoft IIS FTP services return a “534” error, signifying that TLS was never configured, allowing cleartext credential acceptance despite appearing to enforce encryption.
Moreover, scanning exclusively on port 21 overlooks a substantial attack surface, as numerous FTP services operate on nonstandard ports like 10397 or 2121, often linked to specific telecom operations or network-attached storage devices.
Mitigation Strategies for Enhanced Security
Censys advises enterprise defenders and administrators to assess the necessity of FTP before attempting to secure it. Recommended strategies include migrating to secure alternatives like SSH File Transfer Protocol (SFTP), enforcing Explicit TLS (FTPS) for legacy infrastructure, and ensuring proper certificate bindings in IIS FTP configurations.
Despite the gradual decline in FTP reliance, millions of instances persist, posing a potential threat. Censys emphasizes that the primary danger lies in neglecting to update default configurations, which could lead to unnecessary exposure.
Stay informed on cybersecurity developments by following us on Google News, LinkedIn, and X. Contact us to share your stories.
